Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-10-07T14:00:00

Updated: 2024-08-06T01:50:47.230Z

Reserved: 2016-08-23T00:00:00

Link: CVE-2016-7040

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-10-07T14:59:07.083

Modified: 2016-11-28T20:37:02.030

Link: CVE-2016-7040

cve-icon Redhat

Severity : Important

Publid Date: 2016-10-04T00:00:00Z

Links: CVE-2016-7040 - Bugzilla