CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-7502

Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 36.2%

CVSS Severity

CVSS v3 Score 5.1

CVSS v2 Score 1.9

References

http://rhn.redhat.com/errata/RHSA-2015-2620.html
https://access.redhat.com/errata/RHSA-2015:2551
https://bugzilla.redhat.com/show_bug.cgi?id=1283019
http://rhn.redhat.com/errata/RHSA-2015-2620.html
https://access.redhat.com/errata/RHSA-2015:2551
https://bugzilla.redhat.com/show_bug.cgi?id=1283019

Products affected by CVE-2015-7502

Redhat » Cloudforms » Version: 3.2

cpe:2.3:a:redhat:cloudforms:3.2
Redhat » Cloudforms » Version: 4.0

cpe:2.3:a:redhat:cloudforms:4.0
Redhat » Cloudforms Management Engine » Version: 5.4.4

cpe:2.3:a:redhat:cloudforms_management_engine:5.4.4
Redhat » Cloudforms Management Engine » Version: 5.5.0

cpe:2.3:a:redhat:cloudforms_management_engine:5.5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-7502

Products

Pricing

Contact Us