CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-7530

In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should not be allowed to (e.g. destroying VMs).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.9%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

Products affected by CVE-2017-7530

Redhat » Cloudforms » Version: 4.5

cpe:2.3:a:redhat:cloudforms:4.5
Redhat » Cloudforms Management Engine » Version: N/A

cpe:2.3:a:redhat:cloudforms_management_engine:-
Redhat » Cloudforms Management Engine » Version: 2.0

cpe:2.3:a:redhat:cloudforms_management_engine:2.0
Redhat » Cloudforms Management Engine » Version: 4.1

cpe:2.3:a:redhat:cloudforms_management_engine:4.1
Redhat » Cloudforms Management Engine » Version: 4.7

cpe:2.3:a:redhat:cloudforms_management_engine:4.7
Redhat » Cloudforms Management Engine » Version: 5.0

cpe:2.3:a:redhat:cloudforms_management_engine:5.0
Redhat » Cloudforms Management Engine » Version: 5.1

cpe:2.3:a:redhat:cloudforms_management_engine:5.1
Redhat » Cloudforms Management Engine » Version: 5.2

cpe:2.3:a:redhat:cloudforms_management_engine:5.2
Redhat » Cloudforms Management Engine » Version: 5.3

cpe:2.3:a:redhat:cloudforms_management_engine:5.3
Redhat » Cloudforms Management Engine » Version: 5.4.4

cpe:2.3:a:redhat:cloudforms_management_engine:5.4.4
Redhat » Cloudforms Management Engine » Version: 5.5.0

cpe:2.3:a:redhat:cloudforms_management_engine:5.5.0
Redhat » Cloudforms Management Engine » Version: 5.6

cpe:2.3:a:redhat:cloudforms_management_engine:5.6
Redhat » Cloudforms Management Engine » Version: 5.6.3

cpe:2.3:a:redhat:cloudforms_management_engine:5.6.3
Redhat » Cloudforms Management Engine » Version: 5.6.3.0

cpe:2.3:a:redhat:cloudforms_management_engine:5.6.3.0
Redhat » Cloudforms Management Engine » Version: 5.7

cpe:2.3:a:redhat:cloudforms_management_engine:5.7
Redhat » Cloudforms Management Engine » Version: 5.7.0

cpe:2.3:a:redhat:cloudforms_management_engine:5.7.0
Redhat » Cloudforms Management Engine » Version: 5.7.1

cpe:2.3:a:redhat:cloudforms_management_engine:5.7.1
Redhat » Cloudforms Management Engine » Version: 5.7.1.3

cpe:2.3:a:redhat:cloudforms_management_engine:5.7.1.3
Redhat » Cloudforms Management Engine » Version: 5.7.2

cpe:2.3:a:redhat:cloudforms_management_engine:5.7.2
Redhat » Cloudforms Management Engine » Version: 5.7.2.1

cpe:2.3:a:redhat:cloudforms_management_engine:5.7.2.1
Redhat » Cloudforms Management Engine » Version: 5.8.0

cpe:2.3:a:redhat:cloudforms_management_engine:5.8.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-7530

Products

Pricing

Contact Us