← back
CVE-2017-2664

CVE-2017-2664

CVSS 6.5 MEDIUMEPSS 1.3%CWE-284
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 1.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
26 Jul 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected products
Red Hat · CloudForms

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2017:1758https://access.redhat.com/errata/RHSA-2017:3484https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2664http://www.securityfocus.com/bid/100148