Vulnerability Description
A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Cloudforms Management Engine | >= 5.8, <= 5.10 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108690
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123Issue TrackingVendor Advisory
- https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/
- http://www.securityfocus.com/bid/108690
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123Issue TrackingVendor Advisory
- https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/
FAQ
What is CVE-2017-15123?
CVE-2017-15123 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentia...
How severe is CVE-2017-15123?
CVE-2017-15123 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-15123?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Cloudforms Management Engine.