Vulnerabilities > CVE-2017-2664 - Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
redhat
NVD
Published: 2018-07-26
Updated: 2019-10-09

Summary

CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges.

Vulnerable Configurations

Part Description Count
Application
Redhat
23

Redhat

advisories
  • rhsa
    idRHSA-2017:1758
  • rhsa
    idRHSA-2017:3484
rpms
  • ansible-0:2.3.0.0-1.el7
  • ansible-tower-server-0:3.1.3-1.el7at
  • ansible-tower-setup-0:3.1.3-1.el7at
  • cfme-0:5.8.1.5-1.el7cf
  • cfme-appliance-0:5.8.1.5-1.el7cf
  • cfme-appliance-debuginfo-0:5.8.1.5-1.el7cf
  • cfme-debuginfo-0:5.8.1.5-1.el7cf
  • cfme-gemset-0:5.8.1.5-1.el7cf
  • rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf
  • rh-ruby23-rubygem-nokogiri-debuginfo-0:1.7.2-1.el7cf
  • rh-ruby23-rubygem-nokogiri-doc-0:1.7.2-1.el7cf
  • cfme-0:5.7.4.2-1.el7cf
  • cfme-appliance-0:5.7.4.2-1.el7cf
  • cfme-appliance-debuginfo-0:5.7.4.2-1.el7cf
  • cfme-debuginfo-0:5.7.4.2-1.el7cf
  • cfme-gemset-0:5.7.4.2-1.el7cf
  • rh-ruby23-rubygem-nokogiri-0:1.8.1-2.el7cf
  • rh-ruby23-rubygem-nokogiri-debuginfo-0:1.8.1-2.el7cf
  • rh-ruby23-rubygem-nokogiri-doc-0:1.8.1-2.el7cf

References