5.1

CVE-2015-7502

EPSS 0.06%
Published 11.04.2016 21:59:08
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Cloudforms Management Engine Version5.4.4

Redhat ≫ Cloudforms Version3.2

Redhat ≫ Cloudforms Version4.0

Redhat ≫ Cloudforms Management Engine Version5.5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.19

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.1	1.4	3.6	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://rhn.redhat.com/errata/RHSA-2015-2620.html

Vendor Advisory

https://access.redhat.com/errata/RHSA-2015:2551

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1283019

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-7502

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-7502

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-7502

EUVD