CVE-2016-4475

Name: CVE-2016-4475
Creator: NVD / NIST
Published: 2016-08-19T21:59:09.43+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.67%

Last modified Jun 17, 2026

CVE-2016-4475 is a vulnerability of currently unknown severity. The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors.. EPSS estimates a 2.67% chance of exploitation in the next 30 days.

Description

The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors.

Metrics

EPSS Probability

2.67%

83.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-254

Affected Software

Vendor	Product	Versions
Theforeman	Foreman	<= 1.11.3
Theforeman	Foreman	1.12.0

References

http://projects.theforeman.org/issues/15268Patch, Vendor Advisory
http://projects.theforeman.org/projects/foreman/repository/revisions/a30ab44ed6f140f1791afc51a1e448afc2ff28f9Patch, Vendor Advisory
http://www.securityfocus.com/bid/92125Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHBA-2016:1615
https://theforeman.org/security.html#2016-4475Vendor Advisory
http://projects.theforeman.org/issues/15268Patch, Vendor Advisory
http://projects.theforeman.org/projects/foreman/repository/revisions/a30ab44ed6f140f1791afc51a1e448afc2ff28f9Patch, Vendor Advisory
http://www.securityfocus.com/bid/92125Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHBA-2016:1615
https://theforeman.org/security.html#2016-4475Vendor Advisory

Timeline

Published: Aug 19, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-4475?

How severe is CVE-2016-4475?

Severity scoring for CVE-2016-4475 is pending analysis. The EPSS model estimates a 2.67% probability of exploitation in the next 30 days.

How do I fix CVE-2016-4475?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-4475?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST