Improper access control in CloudForms
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-5383 |
| CWE-ID | CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
CloudForms Client/Desktop applications / Multimedia software |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Improper access control
EUVDB-ID: #VU40134
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-5383
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to execute arbitrary code.
The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters."
MitigationInstall update from vendor's website.
Vulnerable software versionsCloudForms: 4.1
External linkshttp://rhn.redhat.com/errata/RHSA-2016-1634.html
http://www.securityfocus.com/bid/92585
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
