Vulnerabilities > CVE-2016-5402 - Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

redhat

NVD

Published: 2018-10-31

Updated: 2024-11-21

Summary

A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Cloudforms 4.1 Redhat Cloudforms Management Engine 5.6	2

Redhat

advisories

rhsa

id	RHSA-2016:2839

rpms

cfme-0:5.6.3.3-1.el7cf
cfme-appliance-0:5.6.3.3-1.el7cf
cfme-appliance-debuginfo-0:5.6.3.3-1.el7cf
cfme-debuginfo-0:5.6.3.3-1.el7cf
cfme-gemset-0:5.6.3.3-1.el7cf
freeipmi-0:1.5.1-2.el7cf
freeipmi-bmc-watchdog-0:1.5.1-2.el7cf
freeipmi-debuginfo-0:1.5.1-2.el7cf
freeipmi-devel-0:1.5.1-2.el7cf
freeipmi-ipmidetectd-0:1.5.1-2.el7cf
freeipmi-ipmiseld-0:1.5.1-2.el7cf

Summary

Vulnerable Configurations

Redhat

References