CVE-2016-7040

Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:cloudforms_management_engine:4.1:*:*:*:*:*:*:*

Information

Published : 2016-10-07 07:59

Updated : 2016-11-28 12:37


NVD link : CVE-2016-7040

Mitre link : CVE-2016-7040


JSON object : View

CWE
CWE-284

Improper Access Control

Advertisement

dedicated server usa

Products Affected

redhat

  • cloudforms_management_engine