Vulnerability Details CVE-2016-7040
Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
Products affected by CVE-2016-7040
-
cpe:2.3:a:redhat:cloudforms_management_engine:4.1