CVE-2015-7502

CWE-200 — Information Exposure CWE-522 — Insufficiently Protected Credentials5 documents5 sources

Severity

5.1MEDIUM

EPSS

0.1%

top 81.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Cloudforms Redhat Cloudforms Management Engine

Timeline

PublishedApr 11

Latest updateMay 17

Description

Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 1.4 | Impact: 3.6

Affected Packages2 packages

▶NVDredhat/cloudforms_management_engine5.4.4, 5.5.0+1

▶NVDredhat/cloudforms3.2, 4.0+1

🔴Vulnerability Details

GHSA

GHSA-vhf3-65mf-c545: Red Hat CloudForms 3↗2022-05-17

▶

CVEList

CVE-2015-7502: Red Hat CloudForms 3↗2016-04-11

▶

📋Vendor Advisories

Red Hat

CloudForms: insecure password storage in PostgreSQL database↗2015-11-18

▶

💬Community

Bugzilla

CVE-2015-7502 CloudForms: insecure password storage in PostgreSQL database↗2015-11-18

▶