High severity8.8NVD Advisory· Published Jul 26, 2018· Updated Jun 17, 2026
CVE-2017-7530
CVE-2017-7530
Description
In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should not be allowed to (e.g. destroying VMs).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Red Hat/cfmev5Range: 5.7.3
Patches
Vulnerability mechanics
References
3- www.securityfocus.com/bid/100151nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2017:1758nvdVendor Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingVendor Advisory
News mentions
0No linked articles in our index yet.