VDB
CVE-2018-10905
CVE-2018-10905
PUBLISHED
CVSS 7.800000190734863 HIGH
CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.
EPSS 0.11% · 28.6th percentile
Risk Scores
CVSS 3.0
7.800000190734863
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.11%
28.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| redhat | cloudforms_management_engine | 5.8, 5.9 |
| [UNKNOWN] | cfme | n/a |
| redhat | cloudforms | 4.5, 4.6 |
Timeline
- Jul 24, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10905 url
- RHSA-2018:2745 vendor-advisory
- RHSA-2018:2561 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2018-10905 advisory