CVE-2017-15123
First published: Wed Jun 12 2019(Updated: )
A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Cloudforms Management Engine | >=5.8<=5.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-15123?
CVE-2017-15123 is a vulnerability in the CloudForms web interface that allows unauthenticated users to view potentially sensitive information.
What is the severity of CVE-2017-15123?
The severity of CVE-2017-15123 is medium with a CVSS score of 5.3.
How does CVE-2017-15123 affect Redhat Cloudforms Management Engine?
CVE-2017-15123 affects Redhat Cloudforms Management Engine versions 5.8 to 5.10.
What can an attacker do with CVE-2017-15123?
An attacker can use CVE-2017-15123 to view potentially sensitive information from CloudForms, such as newly created virtual machines.
How to fix CVE-2017-15123?
To fix CVE-2017-15123, users should update their CloudForms web interface to a version that restricts RSS feed URLs to authenticated users only.
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/redhat
- canonical/redhat cloudforms management engine
- version/redhat cloudforms management engine/5.8
- version/redhat cloudforms management engine/5.10