CVE-2017-7497 Vulnerability Details

  /     /     /  

CVE-2017-7497 Metadata Quick Info

CVE Published: 27/07/2018 | CVE Updated: 05/08/2024 | CVE Year: 2017
Source: redhat | Vendor: [UNKNOWN] | Product: CFME
Status : PUBLISHED

---

CVE-2017-7497 Description

The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. An attacker with the ability to create storage volumes could use this to create storage volumes for any other tenant.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-284
CWE Name: CWE-284
Source: [UNKNOWN]

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).