← back
CVE-2017-15103

CVE-2017-15103

EPSS 5.5%CWE-78
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 5.5%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
18 Dec 2017Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.
Affected products
Heketi · Heketi

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2017:3481https://access.redhat.com/security/cve/CVE-2017-15103https://bugzilla.redhat.com/show_bug.cgi?id=1510147