CVE-2017-15123

Published: Jun 12, 2019Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines.

Affected (1)

Products: Redhat: Cloudforms Management Engine

1 product

Cloudforms Management Engine

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Cloudforms Management Engine	From 5.8 to 5.10

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (6)

http://www.securityfocus.com/bid/108690

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/

Source: secalert@redhat.com

http://www.securityfocus.com/bid/108690

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.