CVE-2017-7497
First published: Thu May 11 2017(Updated: )
Gellert Kis of Red Hat reports: Dialog for creating cloud volumes (cinder provider) does not filter cloud tenants for user. In this way users can create storage volumes in any tenant. Not only in their own tenant. This currently affects CFME 5.7.2 and 5.8.0.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat CloudForms Management Engine | =5.7.2 | |
| Red Hat CloudForms Management Engine | =5.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-7497?
CVE-2017-7497 is classified as a medium severity vulnerability due to its potential for unauthorized access to create storage volumes across tenants.
How do I fix CVE-2017-7497?
To fix CVE-2017-7497, upgrade the Red Hat CloudForms Management Engine to version 5.8.1 or later.
What versions of software are affected by CVE-2017-7497?
CVE-2017-7497 affects Red Hat CloudForms Management Engine versions 5.7.2 and 5.8.0.
What is the impact of CVE-2017-7497?
The impact of CVE-2017-7497 allows users to create storage volumes in any cloud tenant, leading to potential data exposure.
Who reported CVE-2017-7497?
CVE-2017-7497 was reported by Gellert Kis of Red Hat.
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-7497
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/source
- agent/severity
- agent/references
- agent/remedy
- agent/author
- agent/weakness
- agent/tags
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat cloudforms management engine
- version/red hat cloudforms management engine/5.7.2
- version/red hat cloudforms management engine/5.8.0