Описание
A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5.5 | cfme | Will not fix | ||
| CloudForms Management Engine 5.6 | cfme | Fixed | RHSA-2016:2839 | 30.11.2016 |
| CloudForms Management Engine 5.6 | cfme-appliance | Fixed | RHSA-2016:2839 | 30.11.2016 |
| CloudForms Management Engine 5.6 | cfme-gemset | Fixed | RHSA-2016:2839 | 30.11.2016 |
| CloudForms Management Engine 5.6 | freeipmi | Fixed | RHSA-2016:2839 | 30.11.2016 |
Показывать по
Дополнительная информация
Статус:
8.8 High
CVSS3
8.5 High
CVSS2
Связанные уязвимости
A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as.
A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as.
8.8 High
CVSS3
8.5 High
CVSS2