Vulnerability identifier: #VU45880
Vulnerability risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-862
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
CloudForms
Client/Desktop applications /
Multimedia software
Vendor: Red Hat Inc.
Description
The vulnerability allows a remote authenticated user to gain access to sensitive information.
Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms.
Mitigation
Install update from vendor's website.
Vulnerable software versions
CloudForms: 4.7 - 5.0.0
External links
http://access.redhat.com/security/cve/cve-2020-10779
http://bugzilla.redhat.com/show_bug.cgi?id=1847647
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.