{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-08-18T00:00:00", "descriptions": [{"lang": "en", "value": "The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving \"Lack of field filters.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-08-26T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "92585", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92585"}, {"name": "RHSA-2016:1634", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1634.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-5383", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving \"Lack of field filters.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "92585", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92585"}, {"name": "RHSA-2016:1634", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1634.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:01:00.073Z"}, "title": "CVE Program Container", "references": [{"name": "92585", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/92585"}, {"name": "RHSA-2016:1634", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1634.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-5383", "datePublished": "2016-08-26T14:00:00", "dateReserved": "2016-06-10T00:00:00", "dateUpdated": "2024-08-06T01:01:00.073Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:cloudforms:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF303B35-7EBD-44D3-90FB-2B6295FCEB86", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving \"Lack of field filters.\""}, {"lang": "es", "value": "La web UI en Red hat CloudForms 4.1 permite a usuarios remotos autenticados ejecutar un c\u00f3digo arbitrario a trav\u00e9s de vectores relacionados con \"falta de filtros de campo\"."}], "id": "CVE-2016-5383", "lastModified": "2016-08-26T19:12:41.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-08-26T14:59:02.277", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1634.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/92585"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Eric Hayes (Red Hat).", "affected_release": [{"advisory": "RHSA-2016:1634", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.6::el7", "package": "cfme-0:5.6.1.2-1.el7cf", "product_name": "CloudForms Management Engine 5.6", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1634", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.6::el7", "package": "cfme-appliance-0:5.6.1.2-1.el7cf", "product_name": "CloudForms Management Engine 5.6", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1634", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.6::el7", "package": "cfme-gemset-0:5.6.1.2-1.el7cf", "product_name": "CloudForms Management Engine 5.6", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1634", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.6::el7", "package": "google-compute-engine-0:2.0.0-1.el7cf", "product_name": "CloudForms Management Engine 5.6", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1634", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.6::el7", "package": "google-config-0:2.0.0-1.el7cf", "product_name": "CloudForms Management Engine 5.6", "release_date": "2016-08-18T00:00:00Z"}], "bugzilla": {"description": "CloudForms: Lack of field filters on user input", "id": "1353722", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353722"}, "csaw": false, "cvss": {"cvss_base_score": "6.3", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:C/A:N", "status": "verified"}, "cvss3": {"cvss3_base_score": "7.7", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-20", "details": ["The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving \"Lack of field filters.\"", "It was found that the CloudForms web UI did not properly filter input in certain fields. A remote, authenticated attacker could use this flaw to execute arbitrary code on the system running CloudForms."], "name": "CVE-2016-5383", "public_date": "2016-08-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-5383\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5383"], "threat_severity": "Important", "upstream_fix": "cfme 5.6.1.2"}