Arbitrary Code Execution Vulnerability in CFME Capacity and Utilization Feature

Arbitrary Code Execution Vulnerability in CFME Capacity and Utilization Feature

CVE-2016-5402 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as.

Learn more about our User Device Pen Test.