CVE-2016-7047

CWE-200 — Information Exposure5 documents5 sources

Severity

4.3MEDIUM

EPSS

0.3%

top 44.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Cloudforms Management Engine RED HAT Cfme Redhat Cloudforms

Timeline

PublishedSep 11

Latest updateMay 13

Description

A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶NVDredhat/cloudforms_management_engine5.6 — 5.6.3.0+2

▶NVDredhat/cloudforms4.2, 4.5+1

▶CVEListV5red_hat/cfme5.6.3.0, 5.7.3.1, 5.8.1.2+2

🔴Vulnerability Details

GHSA

GHSA-2499-9m7g-hrw5: A flaw was found in the CloudForms API before 5↗2022-05-13

▶

CVEList

CVE-2016-7047: A flaw was found in the CloudForms API before 5↗2018-09-11

▶

📋Vendor Advisories

Red Hat

cfme: API leaks any MiqReportResult↗2017-06-28

▶

💬Community

Bugzilla

CVE-2016-7047 cfme: API leaks any MiqReportResult↗2016-09-08

▶