VYPR
High severity8.8NVD Advisory· Published Jul 26, 2018· Updated Jun 17, 2026

CVE-2017-7530

CVE-2017-7530

Description

In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should not be allowed to (e.g. destroying VMs).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1
  • Red Hat/cfmev5
    Range: 5.7.3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.