CVE-2016-7047

Summary

A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access.

Affected Software

VendorProductVersion RangeStatus
Red Hatcfme5.8.1.2affected
Red Hatcfme5.7.3.1affected
Red Hatcfme5.6.3.0affected

Weaknesses

  • CWE-200: CWE-200

ADP Enrichment

CVE Program Container

Additional References

References