Vulnerabilities > CVE-2020-10779 - Missing Authorization vulnerability in Redhat Cloudforms 4.7/5.0.0

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
redhat
CWE-862

Summary

Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms.

Vulnerable Configurations

Part Description Count
Application
Redhat
2

Common Weakness Enumeration (CWE)