CVE-2016-7071
published 2018-09-10CVE-2016-7071: It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated…
high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| red_hat | cfme | — | — |
| red_hat | cfme | — | — |
| redhat | cloudforms | — | — |
| redhat | cloudforms_management_engine | < 5.6.2.2 | 5.6.2.2 |
| redhat | cloudforms_management_engine | >= 5.7.0.0 < 5.7.0.7 | 5.7.0.7 |