Lucene search

[email protected]CVE-2018-10905

HistoryJul 24, 2018 - 1:29 p.m.

CVE-2018-10905

2018-07-2413:29:00

CWE-284

CWE-78

[email protected]

web.nvd.nist.gov

cloudforms

management engine

cfme

druby

vulnerability

security

nvd

cve-2018-10905

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.

Affected configurations

NVD

Node

redhatcloudformsMatch4.5

redhatcloudformsMatch4.6

redhatcloudforms_management_engineMatch5.8

redhatcloudforms_management_engineMatch5.9

CPENameOperatorVersion
redhat:cloudformsredhat cloudformseq4.5
redhat:cloudformsredhat cloudformseq4.6
redhat:cloudforms_management_engineredhat cloudforms management engineeq5.8
redhat:cloudforms_management_engineredhat cloudforms management engineeq5.9

CPE	Name	Operator	Version
redhat:cloudforms	redhat cloudforms	eq	4.5
redhat:cloudforms	redhat cloudforms	eq	4.6
redhat:cloudforms_management_engine	redhat cloudforms management engine	eq	5.8
redhat:cloudforms_management_engine	redhat cloudforms management engine	eq	5.9

CNA Affected

[
  {
    "product": "cfme",
    "vendor": "[UNKNOWN]",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

access.redhat.com/errata/RHSA-2018:2561

access.redhat.com/errata/RHSA-2018:2745

bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10905

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

Related for CVE-2018-10905

veracode1 cvelist1 prion1 nvd1 redhatcve1 redhat2 nessus1