Published: 27/07/2018 Updated: 09/10/2019

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 4.9 | Impact Score: 3.6 | Exploitability Score: 1.2

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Subscribe to Cloudforms Management Engine

A logic error in valid_role() in CloudForms role validation prior to 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an attacker with tenant administration access to elevate privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat cloudforms management engine
redhat cloudforms 4.2

Synopsis Moderate: CFME 571 bug fixes and enhancement update Type/Severity Security Advisory: Moderate Topic Updated cfme packages that fix bugs and add various enhancementsare now available for Red Hat CloudForms 42 Description Red Hat CloudForms Management Engine delivers the insight, ...

A logic error in valid_role() in CloudForms role validation could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have This would allow an attacker with tenant administration access to elevate privileges ...

CWE-863 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2632 http://www.securityfocus.com/bid/96478 http://rhn.redhat.com/errata/RHSA-2017-0320.html https://access.redhat.com/errata/RHSA-2017:0320 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2017-2632

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-2632

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect