4.3

CVE-2016-7047

A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatCloudforms Version4.2
RedhatCloudforms Version4.5
RedhatCloudforms Management Engine Version >= 5.6 < 5.6.3.0
RedhatCloudforms Management Engine Version >= 5.7 < 5.7.3.1
RedhatCloudforms Management Engine Version >= 5.8 < 5.8.1.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.33% 0.675
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
secalert@redhat.com 4.3 2.8 1.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://access.redhat.com/errata/RHSA-2017:1601
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:1758
Vendor Advisory
http://www.securityfocus.com/bid/99329
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7047
Vendor Advisory
Issue Tracking