CVE-2017-2664

Опубликовано: 26 июл. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges.

Ссылки

http://www.securityfocus.com/bid/100148
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:1758
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:3484
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2664
Issue Tracking
Vendor Advisory
http://www.securityfocus.com/bid/100148
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:1758
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:3484
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2664
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:cloudforms:4.2:*:*:*:*:*:*:*

cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*

cpe:2.3:a:redhat:cloudforms_management_engine:*:*:*:*:*:*:*:*

Версия до 5.7.3 (исключая)

cpe:2.3:a:redhat:cloudforms_management_engine:*:*:*:*:*:*:*:*

Версия от 5.8 (включая) до 5.8.1 (исключая)

EPSS

Процентиль: 44%

0.0022

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-284

NVD-CWE-noinfo

Связанные уязвимости

CVE-2017-2664

CVSS3: 6.5

redhat

больше 8 лет назад

GHSA-rc49-fxf8-jgg2

CVSS3: 6.5

github

больше 3 лет назад

EPSS

Процентиль: 44%

0.0022

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-284

NVD-CWE-noinfo