Vulnerability Description
CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Cloudforms | 4.2 |
| Redhat | Cloudforms Management Engine | < 5.7.3 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100148Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2017:1758Vendor Advisory
- https://access.redhat.com/errata/RHSA-2017:3484Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2664Issue TrackingVendor Advisory
- http://www.securityfocus.com/bid/100148Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2017:1758Vendor Advisory
- https://access.redhat.com/errata/RHSA-2017:3484Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2664Issue TrackingVendor Advisory
FAQ
What is CVE-2017-2664?
CVE-2017-2664 is a vulnerability with a CVSS score of 6.5 (MEDIUM). CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a varie...
How severe is CVE-2017-2664?
CVE-2017-2664 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2664?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Cloudforms, Redhat Cloudforms Management Engine.