CVE-2016-5402

Summary

A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as.

Affected Software

VendorProductVersion RangeStatus
[UNKNOWN]cfmen/aaffected

Weaknesses

  • CWE-94: CWE-94

ADP Enrichment

CVE Program Container

Additional References

References