CVE-2018-10905 HIGH

CVE-2018-10905

Vendor [Unknown]
Product cfme
Weakness CWE-284
Published July 24, 2018
Last update August 5, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.

Key dates

02Disclosure timeline

July 24, 2018 CVE published
August 5, 2024 Record updated