CVE-2016-5402

A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhatCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
redhatcloudforms
4.1
redhatcloudforms_management_engine
5.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2016-2839.html
http://www.securityfocus.com/bid/94612
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5402
http://rhn.redhat.com/errata/RHSA-2016-2839.html
http://www.securityfocus.com/bid/94612
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5402