CVE-2015-7502: Infoleak
First published: Wed Nov 18 2015(Updated: )
Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Cloudforms Management Engine | =5.4.4 | |
| Redhat Cloudforms | =3.2 | |
| Redhat Cloudforms | =4.0 | |
| Redhat Cloudforms Management Engine | =5.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-7502
- agent/tags
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/redhat
- canonical/redhat cloudforms management engine
- version/redhat cloudforms management engine/5.4.4
- canonical/redhat cloudforms
- version/redhat cloudforms/3.2
- version/redhat cloudforms/4.0
- version/redhat cloudforms management engine/5.5.0