CVE-2016-5383
CloudForms: Lack of field filters on user input
Severity Score
Exploit Likelihood
Affected Versions
1Public Exploits
0Exploited in Wild
-Decision
Descriptions
The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters."
La web UI en Red hat CloudForms 4.1 permite a usuarios remotos autenticados ejecutar un código arbitrario a través de vectores relacionados con "falta de filtros de campo".
It was found that the CloudForms web UI did not properly filter input in certain fields. A remote, authenticated attacker could use this flaw to execute arbitrary code on the system running CloudForms.
Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: It was found that the CloudForms web UI did not properly filter input in certain fields. A remote, authenticated attacker could use this flaw to execute arbitrary code on the system running CloudForms.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-06-10 CVE Reserved
- 2016-08-21 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-284: Improper Access Control
CAPEC
References (4)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|