CVE-2018-10905
7.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| [UNKNOWN] | cfme | n/a | affected |
Weaknesses
- CWE-284: CWE-284
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10905
- https://access.redhat.com/errata/RHSA-2018:2745
- https://access.redhat.com/errata/RHSA-2018:2561
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10905
- https://access.redhat.com/errata/RHSA-2018:2745
- https://access.redhat.com/errata/RHSA-2018:2561
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.