CVE-2016-3702
https://notcve.org/view.php?id=CVE-2016-3702
Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information. Fallo de padding oracle en CloudForms Management Engine (vulnerabilidad también conocida como CFME) 5 permite a atacantes remotos obtener información sensible en texto. • https://bugzilla.redhat.com/show_bug.cgi?id=1330179 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-2653 – CloudForms: UI security issue on Openstack actions
https://notcve.org/view.php?id=CVE-2017-2653
A number of unused delete routes are present in CloudForms before 5.7.2.1 which can be accessed via GET requests instead of just POST requests. This could allow an attacker to bypass the protect_from_forgery XSRF protection causing the routes to be used. This attack would require additional cross-site scripting or similar attacks in order to execute. Una serie de rutas de borrado no utilizadas están presentes en CloudForms en versiones anteriores a la 5.7.2.1, a las que se puede acceder a través de peticiones GET en lugar de sólo peticiones POST. Esto podría permitir a un atacante omitir la protección protect_from_forgery XSRF que provoca el uso de esas rutas. • http://www.securityfocus.com/bid/96964 https://access.redhat.com/errata/RHSA-2017:0898 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2653 https://access.redhat.com/security/cve/CVE-2017-2653 https://bugzilla.redhat.com/show_bug.cgi?id=1432174 • CWE-20: Improper Input Validation •
CVE-2017-2632 – cfme: tenant administrator can create a group with higher permissions
https://notcve.org/view.php?id=CVE-2017-2632
A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an attacker with tenant administration access to elevate privileges. Un error lógico en valid_role() en la validación de roles de CloudForms en versiones anteriores a la 5.7.1.3 podría permitir a un administrador inquilino crear grupos con un nivel de privilegios superior al que debería tener el administrador inquilino. Esto permitiría a un atacante con acceso de administración de inquilinos elevar privilegios. A logic error in valid_role() in CloudForms role validation could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. • http://rhn.redhat.com/errata/RHSA-2017-0320.html http://www.securityfocus.com/bid/96478 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2632 https://access.redhat.com/security/cve/CVE-2017-2632 https://bugzilla.redhat.com/show_bug.cgi?id=1424977 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVE-2016-5402 – cfme: RCE via Capacity & Utilization feature
https://notcve.org/view.php?id=CVE-2016-5402
A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as. Se ha encontrado un error de inyección de código en la forma en la que se procesan los archivos de control de capacidad y utilización importados. Un atacante autenticado remoto con acceso a la característica de capacidad y utilización podría emplear este error para ejecutar código arbitrario como el usuario como el que se ejecuta CFME. • http://rhn.redhat.com/errata/RHSA-2016-2839.html http://www.securityfocus.com/bid/94612 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5402 https://access.redhat.com/security/cve/CVE-2016-5402 https://bugzilla.redhat.com/show_bug.cgi?id=1357559 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2016-7071 – CFME: bypass authorization by altering VM ID
https://notcve.org/view.php?id=CVE-2016-7071
It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM. Se ha descubierto que CloudForms en versiones anteriores a la 5.6.2.2 y versiones 5.7.0.7 no aplicó correctamente controles de permisos a los ID de las máquinas virtuales pasados por los usuarios. Un atacante autenticado remoto podría emplear este error para ejecutar máquinas virtuales en sistemas gestionados por CloudForms si conoce el ID de la máquina It was found that the CloudForms did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM. • http://rhn.redhat.com/errata/RHSA-2016-2091.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7071 https://access.redhat.com/security/cve/CVE-2016-7071 https://bugzilla.redhat.com/show_bug.cgi?id=1383124 • CWE-285: Improper Authorization •