CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-5402

A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.033

EPSS Ranking 86.6%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

http://rhn.redhat.com/errata/RHSA-2016-2839.html
http://www.securityfocus.com/bid/94612
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5402
http://rhn.redhat.com/errata/RHSA-2016-2839.html
http://www.securityfocus.com/bid/94612
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5402

Products affected by CVE-2016-5402

Redhat » Cloudforms » Version: 4.1

cpe:2.3:a:redhat:cloudforms:4.1
Redhat » Cloudforms Management Engine » Version: 5.6

cpe:2.3:a:redhat:cloudforms_management_engine:5.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-5402

Products

Pricing

Contact Us