PT-2016-3798 · Postgresql+1
Kurt Seifried · Published 2016-04-11 · Updated 2023-02-13 · CVE-2015-7502
CVSS v2.0: 1.9 (Low)
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Red Hat CloudForms 3.2 Management Engine (CFME) version 5.4.4
Red Hat CloudForms 4.0 Management Engine (CFME) version 5.5.0
Description
The issue is related to improper encryption of data in the backend PostgreSQL database. This might allow local users to obtain sensitive data and gain privileges by accessing database exports or log files.
Recommendations
For Red Hat CloudForms 3.2 Management Engine (CFME) version 5.4.4, update to a version that properly encrypts data in the backend PostgreSQL database.
For Red Hat CloudForms 4.0 Management Engine (CFME) version 5.5.0, update to a version that properly encrypts data in the backend PostgreSQL database.
As a temporary workaround, consider restricting access to database exports and log files to minimize the risk of exploitation.
Fix
Information Disclosure
Affected Products
Postgresql
Red Hat Cloudforms