CVE-2017-2664
CVE-2017-2664 is a vulnerability of currently unknown severity. CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges. EPSS estimates a 1.32% chance of exploitation in the next 30 days.
Description
CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Cloudforms | 4.2 |
| Redhat | Cloudforms | 4.6 |
| Redhat | Cloudforms Management Engine | < 5.7.3 |
| Redhat | Cloudforms Management Engine | >= 5.8, < 5.8.1 |
References
- http://www.securityfocus.com/bid/100148 (Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2017:1758 (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:3484 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2664 (Issue Tracking, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
