Vulnerability Description
A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Cloudforms | 4.2 |
| Redhat | Cloudforms Management Engine | >= 5.6, < 5.6.3.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/99329Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2017:1601Vendor Advisory
- https://access.redhat.com/errata/RHSA-2017:1758Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7047Issue TrackingVendor Advisory
- http://www.securityfocus.com/bid/99329Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2017:1601Vendor Advisory
- https://access.redhat.com/errata/RHSA-2017:1758Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7047Issue TrackingVendor Advisory
FAQ
What is CVE-2016-7047?
CVE-2016-7047 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants...
How severe is CVE-2016-7047?
CVE-2016-7047 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-7047?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Cloudforms, Redhat Cloudforms Management Engine.