CVE-2016-7071

It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:cloudforms_management_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:cloudforms_management_engine:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:redhat:cloudforms:4.1:*:*:*:*:*:*:*

Information

Published : 2018-09-10 08:29

Updated : 2019-10-09 16:19


NVD link : CVE-2016-7071

Mitre link : CVE-2016-7071


JSON object : View

CWE
CWE-285

Improper Authorization

Advertisement

dedicated server usa

Products Affected

redhat

  • cloudforms_management_engine
  • cloudforms