CVE-2020-10778

EPSS 0.36%
Published 11.08.2020 13:15:12
Last modified 21.11.2024 04:56:03
Source secalert@redhat.com
Teams watchlist Login
Open Login

In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Cloudforms Version4.7

Redhat ≫ Cloudforms Version5.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.36%	0.552

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6	1.2	4.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-669 Incorrect Resource Transfer Between Spheres

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

https://access.redhat.com/security/cve/cve-2020-10778

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1847628

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2020-10778

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-10778

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-10778

EUVD