CVE-2017-2664
CloudForms: lack of RBAC on various methods in web UI
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges.
CloudForms Management Engine (cfme) en versiones anteriores a la 5.7.3 y 5.8.x anteriores a la 5.8.1 carece de controles RBAC en determinados métodos en la parte de la aplicación rails de CloudForms. Un atacante con acceso podría utilizar una variedad de métodos en la parte de la aplicación rails de CloudForms para escalar privilegios.
CloudForms lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails applications portion of CloudForms to escalate privileges.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-01 CVE Reserved
- 2017-08-03 CVE Published
- 2024-05-10 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/100148 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:1758 | 2019-10-09 | |
| https://access.redhat.com/errata/RHSA-2017:3484 | 2019-10-09 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2664 | 2019-10-09 | |
| https://access.redhat.com/security/cve/CVE-2017-2664 | 2017-12-18 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1435393 | 2017-12-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Cloudforms Search vendor "Redhat" for product "Cloudforms" | 4.2 Search vendor "Redhat" for product "Cloudforms" and version "4.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Cloudforms Search vendor "Redhat" for product "Cloudforms" | 4.6 Search vendor "Redhat" for product "Cloudforms" and version "4.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Cloudforms Management Engine Search vendor "Redhat" for product "Cloudforms Management Engine" | < 5.7.3 Search vendor "Redhat" for product "Cloudforms Management Engine" and version " < 5.7.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Cloudforms Management Engine Search vendor "Redhat" for product "Cloudforms Management Engine" | >= 5.8 < 5.8.1 Search vendor "Redhat" for product "Cloudforms Management Engine" and version " >= 5.8 < 5.8.1" | - |
Affected
| ||||||