cvedb.io
CVE-2017-7530
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2018-07-26T13:29:00.247 · Last modified 2026-06-17T01:24:32.613

Summary

In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, a privilege check is missing when arbitrary methods are invoked via filtering on VMs. MiqExpression executes these methods, and the behavior can be triggered by API users. An attacker could use this to execute actions they should not be allowed to (e.g. destroying VMs).

Affected products

redhat — cloudforms

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.