{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-10-04T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "93893", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93893"}, {"name": "RHSA-2016:1996", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1996.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7040", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "93893", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93893"}, {"name": "RHSA-2016:1996", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1996.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:50:47.230Z"}, "title": "CVE Program Container", "references": [{"name": "93893", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93893"}, {"name": "RHSA-2016:1996", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1996.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7040", "datePublished": "2016-10-07T14:00:00.000Z", "dateReserved": "2016-08-23T00:00:00.000Z", "dateUpdated": "2024-08-06T01:50:47.230Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:cloudforms_management_engine:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "CBB27CAF-0F2B-411E-A8F1-B91B214B8B10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections."}, {"lang": "es", "value": "Red Hat CloudForms Management Engine 4.1 no maneja adecuadamente expresiones regulares pasadas al motor de expresi\u00f3n a trav\u00e9s de la API JSON y la interfaz de usuario basada en web, lo que permite a usuarios remotos autenticados ejecutar comandos shell arbitrarios aprovechando la capacidad de ver y filtrar colecciones."}], "id": "CVE-2016-7040", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-07T14:59:07.083", "references": [{"source": "cve@mitre.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1996.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/93893"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1996.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/93893"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Tim Wade (Red Hat).", "affected_release": [{"advisory": "RHSA-2016:1996", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.6::el7", "package": "cfme-0:5.6.2.1-1.el7cf", "product_name": "CloudForms Management Engine 5.6", "release_date": "2016-10-04T00:00:00Z"}, {"advisory": "RHSA-2016:1996", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.6::el7", "package": "cfme-appliance-0:5.6.2.1-1.el7cf", "product_name": "CloudForms Management Engine 5.6", "release_date": "2016-10-04T00:00:00Z"}, {"advisory": "RHSA-2016:1996", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.6::el7", "package": "cfme-gemset-0:5.6.2.1-1.el7cf", "product_name": "CloudForms Management Engine 5.6", "release_date": "2016-10-04T00:00:00Z"}, {"advisory": "RHSA-2016:1996", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.6::el7", "package": "rh-ruby22-rubygem-nokogiri-0:1.6.8-1.el7cf", "product_name": "CloudForms Management Engine 5.6", "release_date": "2016-10-04T00:00:00Z"}, {"advisory": "RHSA-2016:1996", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.6::el7", "package": "rh-ruby22-rubygem-pkg-config-0:1.1.7-1.el7cf", "product_name": "CloudForms Management Engine 5.6", "release_date": "2016-10-04T00:00:00Z"}, {"advisory": "RHSA-2016:1996", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.6::el7", "package": "rh-ruby22-rubygem-thin-0:1.7.0-1.el7cf", "product_name": "CloudForms Management Engine 5.6", "release_date": "2016-10-04T00:00:00Z"}], "bugzilla": {"description": "cfme: Incorrect sanitization in regular expression engine", "id": "1375089", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375089"}, "csaw": false, "cvss": {"cvss_base_score": "6.0", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections.", "An input validation flaw was found in the way CloudForms regular expressions were passed to the expression engine via both the JSON API and the web based UI. A user with the ability to view collections and filter them could use this flaw to execute arbitrary shell commands on the host with the privileges of the CloudForms process."], "name": "CVE-2016-7040", "package_state": [{"cpe": "cpe:/a:cloudforms_managementengine:5.2", "fix_state": "Affected", "package_name": "cfme", "product_name": "CloudForms Management Engine 5.2"}, {"cpe": "cpe:/a:cloudforms_managementengine:5.3", "fix_state": "Affected", "package_name": "cfme", "product_name": "CloudForms Management Engine 5.3"}, {"cpe": "cpe:/a:cloudforms_managementengine:5.4", "fix_state": "Affected", "package_name": "cfme", "product_name": "CloudForms Management Engine 5.4"}, {"cpe": "cpe:/a:cloudforms_managementengine:5.5", "fix_state": "Will not fix", "package_name": "cfme", "product_name": "CloudForms Management Engine 5.5"}, {"cpe": "cpe:/a:cloudforms_managementengine:5.6", "fix_state": "Affected", "package_name": "cfme", "product_name": "CloudForms Management Engine 5.6"}, {"cpe": "cpe:/a:cloudforms_managementengine:5.7", "fix_state": "Affected", "package_name": "cfme", "product_name": "CloudForms Management Engine 5.7"}], "public_date": "2016-10-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-7040\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7040"], "threat_severity": "Important"}

{}