CVE-2015-7502
Last modified
CVE-2015-7502 is a vulnerability of currently unknown severity. Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files.. EPSS estimates a 0.34% chance of exploitation in the next 30 days.
Description
Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Cloudforms Management Engine | 5.4.4 |
| Redhat | Cloudforms | 3.2 |
| Redhat | Cloudforms | 4.0 |
| Redhat | Cloudforms Management Engine | 5.5.0 |
References
- http://rhn.redhat.com/errata/RHSA-2015-2620.htmlVendor Advisory
- https://access.redhat.com/errata/RHSA-2015:2551Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1283019Vendor Advisory
- http://rhn.redhat.com/errata/RHSA-2015-2620.htmlVendor Advisory
- https://access.redhat.com/errata/RHSA-2015:2551Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1283019Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-7502?
How severe is CVE-2015-7502?
How do I fix CVE-2015-7502?
Are you affected by CVE-2015-7502?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST