Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-7047

Опубликовано: 28 июн. 2017
Источник: redhat
CVSS3: 4.3
CVSS2: 3.5
EPSS Низкий

Описание

A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access.

A flaw was found in the CloudForms API. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access.

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1374215cfme: API leaks any MiqReportResult

EPSS

Процентиль: 55%
0.00328
Низкий

4.3 Medium

CVSS3

3.5 Low

CVSS2

Связанные уязвимости

nvd логотип

CVE-2016-7047

CVSS3: 4.3
nvd
больше 7 лет назад

A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access.

github логотип

GHSA-2499-9m7g-hrw5

CVSS3: 4.3
github
больше 3 лет назад

A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access.

EPSS

Процентиль: 55%
0.00328
Низкий

4.3 Medium

CVSS3

3.5 Low

CVSS2