cvedb.io
CVE-2017-2653
MEDIUM · CVSS 4.1
EPSS exploitation probability: 0%
Published 2018-07-27T18:29:01.140 · Last modified 2026-06-17T01:16:35.877

Summary

A number of unused delete routes are present in CloudForms before 5.7.2.1 which can be accessed via GET requests instead of just POST requests. This could allow an attacker to bypass the protect_from_forgery XSRF protection causing the routes to be used. This attack would require additional cross-site scripting or similar attacks in order to execute.

Affected products

redhat — cloudforms_management_engine

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.