Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to Red Hat, Inc. - CloudForms

cve-2017-12191

Vulnerability from cvelistv5

Published

2018-02-28 13:00

Modified

2024-08-05 18:28

Severity ?

Summary

A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be appropriate for users of CloudForms (and thus this account). An attacker could use this vulnerability to view and make changes to settings in the VMRC and virtual machines controlled by it that they should not have access to.

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2018:0374	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=1500517	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

Red Hat, Inc.

CloudForms

Version: Through 5.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:28:16.718Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:0374",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0374"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500517"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CloudForms",
          "vendor": "Red Hat, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "Through 5.9"
            }
          ]
        }
      ],
      "datePublic": "2018-02-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be appropriate for users of CloudForms (and thus this account). An attacker could use this vulnerability to view and make changes to settings in the VMRC and virtual machines controlled by it that they should not have access to."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-01T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2018:0374",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0374"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500517"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-12191",
    "datePublished": "2018-02-28T13:00:00Z",
    "dateReserved": "2017-08-01T00:00:00",
    "dateUpdated": "2024-08-05T18:28:16.718Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}