Improper access control in CloudForms - CVE-2016-5383

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU40134

Improper access control in CloudForms - CVE-2016-5383

Published: August 26, 2016 / Updated: August 9, 2020


Vulnerability identifier: #VU40134
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-5383
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Red Hat Inc.
Affected software:
CloudForms

Detailed vulnerability description

The vulnerability allows a remote authenticated user to execute arbitrary code.

The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters."


How to mitigate CVE-2016-5383

Install update from vendor's website.

Sources