CVE-2015-7502

low-risk

Published 2016-04-11

Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files.

Do I need to act?

0.06% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.1/10 Medium

LOCAL / HIGH complexity

Affected Products (4)

Cloudforms Management Engine

Cloudforms

Cloudforms Management Engine

Cloudforms

Affected Vendors

Redhat

References (6)

Vendor Advisory http://rhn.redhat.com/errata/RHSA-2015-2620.html

Vendor Advisory https://access.redhat.com/errata/RHSA-2015:2551

Vendor Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1283019

Vendor Advisory http://rhn.redhat.com/errata/RHSA-2015-2620.html

Vendor Advisory https://access.redhat.com/errata/RHSA-2015:2551

Vendor Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1283019

/ 100

low-risk

Severity 13/34 · Low

Exploitability 0/34 · Minimal

Exposure 10/34 · Low