CVE-2018-10905
HIGH
CloudForms Management Engine - Privilege Escalation via dRuby Security Setting
Title source: llm
Description
CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high-privileged user.
References (3)
Core References
Issue Tracking, Mitigation, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10905
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2745
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2561
Scores
CVSS v3
7.8
EPSS
0.0047
EPSS Percentile
37.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-284
CWE-78
Status
published
Products (4)
redhat/cloudforms
4.5
redhat/cloudforms
4.6
redhat/cloudforms_management_engine
5.8
redhat/cloudforms_management_engine
5.9
Published
Jul 24, 2018
Tracked Since
Feb 18, 2026