Privilege Escalation in CloudForms Management Engine

CVE-2017-2664 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:N

CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges.

Learn more about our Web Application Penetration Testing UK.