Описание
The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters."
It was found that the CloudForms web UI did not properly filter input in certain fields. A remote, authenticated attacker could use this flaw to execute arbitrary code on the system running CloudForms.
Дополнительная информация
Статус:
Important
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1353722CloudForms: Lack of field filters on user input
7.7 High
CVSS3
6.3 Medium
CVSS2
Связанные уязвимости
CVSS3: 8.8
nvd
больше 9 лет назад
The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters."
CVSS3: 8.8
github
больше 3 лет назад
The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters."
7.7 High
CVSS3
6.3 Medium
CVSS2