4.3
CVE-2017-7497
- EPSS 0.12%
- Veröffentlicht 27.07.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:32:01
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. An attacker with the ability to create storage volumes could use this to create storage volumes for any other tenant.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Cloudforms Management Engine Version5.7.2
Redhat ≫ Cloudforms Management Engine Version5.8.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.317 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
| secalert@redhat.com | 4.1 | 0.7 | 3.4 |
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.