Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-7071

Опубликовано: 20 окт. 2016
Источник: redhat
CVSS3: 8.8
CVSS2: 9

Описание

It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM.

It was found that the CloudForms did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM.

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-285
https://bugzilla.redhat.com/show_bug.cgi?id=1383124CFME: bypass authorization by altering VM ID

8.8 High

CVSS3

9 Critical

CVSS2

Связанные уязвимости

nvd логотип

CVE-2016-7071

CVSS3: 8.8
nvd
больше 7 лет назад

It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM.

github логотип

GHSA-82ph-q482-5fhg

CVSS3: 8.8
github
больше 3 лет назад

It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM.

8.8 High

CVSS3

9 Critical

CVSS2