CVE-2017-2664

Summary

CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges.

Affected Software

VendorProductVersion RangeStatus
Red HatCloudForms5.7.3affected
Red HatCloudForms5.8.1affected

Weaknesses

  • CWE-284: CWE-284

ADP Enrichment

CVE Program Container

Additional References

References