CVE-2015-7502

MEDIUM

Red Hat CloudForms <5.4.4-5.5.0 - Info Disclosure

Title source: llm

Description

Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files.

References (3)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2015-2620.html

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2015:2551

[Vendor Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1283019

Scores

CVSS v3 5.1

EPSS 0.0006

EPSS Percentile 18.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (4)

redhat/cloudforms_management_engine

redhat/cloudforms

redhat/cloudforms_management_engine

Timeline

Published Apr 11, 2016

Tracked Since Feb 18, 2026