PT-2018-10173 · Red Hat · Cloudforms Management Engine

Published

2018-07-24

Updated

2019-10-09

CVE-2018-10905

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CloudForms Management Engine (cfme) (affected versions not specified)

Description The issue is related to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could exploit this flaw to execute commands as a high privileged user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-284

Related Identifiers

CVE-2018-10905

RHSA-2018:2561

RHSA-2018:2745

Affected Products

Cloudforms Management Engine

PT-2018-10173 · Red Hat · Cloudforms Management Engine

CVE-2018-10905

Weakness Enumeration

Related Identifiers

Affected Products

References · 5