CVE-2017-2664

Published: Jul 26, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges.

Affected (4)

Products: Redhat: Cloudforms, Cloudforms Management Engine

2 products

Cloudforms Management Engine

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Cloudforms	Version 4.2
Redhat Cloudforms	Version 4.6
Redhat Cloudforms Management Engine	Before 5.7.3
Redhat Cloudforms Management Engine	From 5.8 to 5.8.1

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (8)

http://www.securityfocus.com/bid/100148

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:1758

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2017:3484

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2664

Source: secalert@redhat.com

Issue TrackingVendor Advisory

http://www.securityfocus.com/bid/100148

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:1758

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://access.redhat.com/errata/RHSA-2017:3484

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2664

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.