{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-13T13:55:10.287","vulnerabilities":[{"cve":{"id":"CVE-2017-7530","sourceIdentifier":"secalert@redhat.com","published":"2018-07-26T13:29:00.247","lastModified":"2024-11-21T03:32:05.543","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should not be allowed to (e.g. destroying VMs)."},{"lang":"es","value":"En CloudForms Management Engine (cfme) en versiones anteriores a la 5.7.3 y versiones 5.8.x anteriores a la 5.8.1, se ha detectado que falta la comprobación de privilegios cuando se invocan métodos arbitrarios filtrando las máquinas virtuales que MiqExpression va a ejecutar. Esta condición puede ser desencadenada por los usuarios de la API. Un atacante podría utilizarlo para ejecutar acciones para las que no debería estar autorizado (por ejemplo, destruir máquinas virtuales)."}],"metrics":{"cvssMetricV30":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:cloudforms:4.5:*:*:*:*:*:*:*","matchCriteriaId":"32E1BA91-4695-4E64-A9D7-4A6CB6904D41"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:cloudforms_management_engine:*:*:*:*:*:*:*:*","versionEndExcluding":"5.7.3","matchCriteriaId":"B52B10CC-FCE3-4C84-A8D8-4DCA9EAB9F6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:cloudforms_management_engine:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8.0","versionEndExcluding":"5.8.1","matchCriteriaId":"D77E449C-9886-41FB-959C-EFBA7551CED9"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/100151","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1758","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7530","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/100151","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1758","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7530","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]}]}}]}