CVE-2018-10905

HIGH

CloudForms Management Engine - Privilege Escalation via dRuby Security Setting

Title source: llm

Description

CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a highly privileged user.

References (3)

Core References
Issue Tracking, Mitigation, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10905
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2745
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2561

Scores

CVSS v3 7.8
EPSS 0.0047
EPSS Percentile 37.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-284, CWE-78
Status published
Products (4)
redhat/cloudforms 4.5
redhat/cloudforms 4.6
redhat/cloudforms_management_engine 5.8
redhat/cloudforms_management_engine 5.9
Published Jul 24, 2018
Tracked Since Feb 18, 2026