Vulnerability Description
In Red Hat CloudForms 4.7 and 5, read-only widgets can be edited by inspecting the form and removing the disabled attribute from the fields, because there is no server-side validation. This business logic flaw violates the expected behavior.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | CloudForms | 4.7 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/cve-2020-10778 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1847628 (Issue Tracking, Vendor Advisory)
FAQ
What is CVE-2020-10778?
CVE-2020-10778 is a vulnerability with a CVSS score of 6.0 (MEDIUM). In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business...
How severe is CVE-2020-10778?
CVE-2020-10778 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-10778?
Check the references section above for vendor advisories and patch information. Affected products include: Red Hat CloudForms.