CVE-2020-10778

EPSS 0.36%
Veröffentlicht 11.08.2020 13:15:12
Zuletzt bearbeitet 21.11.2024 04:56:03
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Cloudforms Version4.7

Redhat ≫ Cloudforms Version5.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.552

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6	1.2	4.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-669 Incorrect Resource Transfer Between Spheres

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

https://access.redhat.com/security/cve/cve-2020-10778

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1847628

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2020-10778

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-10778

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-10778

EUVD