PT-2018-10173 · Red Hat · Cloudforms Management Engine

Publicado

2018-07-24

Atualizado

2019-10-09

CVE-2018-10905

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CloudForms Management Engine (cfme) (affected versions not specified)

Description The issue is related to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could exploit this flaw to execute commands as a high privileged user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78CWE-284

Identificadores relacionados

CVE-2018-10905

RHSA-2018:2561

RHSA-2018:2745

Produtos afetados

Cloudforms Management Engine

PT-2018-10173 · Red Hat · Cloudforms Management Engine

CVE-2018-10905

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5