CVE-2017-2664 in CloudForms Management Enginethông tin

Tóm tắt

Bởi MITRE

CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

chịu trách nhiệm

Red Hat, Inc.

Đặt trước

30/11/2016

Tiết lộ

26/07/2018

Kiểm duyệt

được chấp nhận

mục

VDB-122205

CPE

sẵn sàng

CWE

CWE-264 (Đã xác nhận)

CVSS

6.5 (NVD)

EPSS

0.00220

KEV

không

Các hoạt động

rất thấp

ngành

Telecommunication, Education, ...

Nguồn

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-2664
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2664
CVE Details	https://www.cvedetails.com/cve/CVE-2017-2664/

◂ Trước Tổng Quan Tiếp theo ▸

Interested in the pricing of exploits?

See the underground prices here!