CVE-2016-7047

A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
redhatCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
redhatcloudforms
4.2
redhatcloudforms
4.5
redhatcloudforms_management_engine
5.6 ≤
𝑥
< 5.6.3.0
redhatcloudforms_management_engine
5.7 ≤
𝑥
< 5.7.3.1
redhatcloudforms_management_engine
5.8 ≤
𝑥
< 5.8.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/99329
https://access.redhat.com/errata/RHSA-2017:1601
https://access.redhat.com/errata/RHSA-2017:1758
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7047
http://www.securityfocus.com/bid/99329
https://access.redhat.com/errata/RHSA-2017:1601
https://access.redhat.com/errata/RHSA-2017:1758
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7047