Vulnerability Details CVE-2017-2632
A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an attacker with tenant administration access to elevate privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.2%
CVSS Severity
CVSS v3 Score 4.9
CVSS v2 Score 4.0
Products affected by CVE-2017-2632
- cpe:2.3:a:redhat:cloudforms:4.2
- cpe:2.3:a:redhat:cloudforms_management_engine:-
- cpe:2.3:a:redhat:cloudforms_management_engine:2.0
- cpe:2.3:a:redhat:cloudforms_management_engine:4.1
- cpe:2.3:a:redhat:cloudforms_management_engine:4.7
- cpe:2.3:a:redhat:cloudforms_management_engine:5.0
- cpe:2.3:a:redhat:cloudforms_management_engine:5.1
- cpe:2.3:a:redhat:cloudforms_management_engine:5.2
- cpe:2.3:a:redhat:cloudforms_management_engine:5.3
- cpe:2.3:a:redhat:cloudforms_management_engine:5.4.4
- cpe:2.3:a:redhat:cloudforms_management_engine:5.5.0
- cpe:2.3:a:redhat:cloudforms_management_engine:5.6
- cpe:2.3:a:redhat:cloudforms_management_engine:5.6.3
- cpe:2.3:a:redhat:cloudforms_management_engine:5.6.3.0
- cpe:2.3:a:redhat:cloudforms_management_engine:5.7
- cpe:2.3:a:redhat:cloudforms_management_engine:5.7.0
- cpe:2.3:a:redhat:cloudforms_management_engine:5.7.1