CVE-2017-15123
MEDIUM
Red Hat CloudForms Management Engine 5.8-5.10 - Unauthenticated Sensitive Information Exposure via RSS Feed
Title source: llm
Description
A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines.
References (3)
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/108690
Various Sources x_refsource_misc
https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/
Scores
CVSS v3
5.3
EPSS
0.0143
EPSS Percentile
69.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-306
Status
published
Products (1)
redhat/cloudforms_management_engine
5.8 - 5.10
Published
Jun 12, 2019
Tracked Since
Feb 18, 2026