CVE-2016-7071

Summary

It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM.

Affected Software

VendorProductVersion RangeStatus
Red HatCFME5.6.2.2affected
Red HatCFME5.7.0.7affected

Weaknesses

  • CWE-285: CWE-285

ADP Enrichment

CVE Program Container

Additional References

References