CVE-2017-7530

Source
https://cve.org/CVERecord?id=CVE-2017-7530
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7530.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-7530
Downstream
Published
2018-07-26T13:29:00.247Z
Modified
2026-03-13T23:19:33.875913Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, a privilege check is missing when arbitrary methods are invoked via filtering on VMs. MiqExpression executes these methods, and the behaviour is triggerable by API users. An attacker could use this to execute actions they should not be allowed to perform (e.g. destroying VMs).

References

Affected packages

Git /

Affected ranges

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7530.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "5.7.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "5.8.0"
            },
            {
                "fixed": "5.8.1"
            }
        ]
    }
]