Red Hat update for CloudForms 4.7.9

Published: 2019-09-05 | Updated: 2019-09-05




Severity
Medium
Patch available
YES
Number of vulnerabilities
2
CVE ID
CVE-2019-11358, CVE-2018-10854
CWE ID
CWE-400, CWE-79
Exploitation vector
Network
Public exploit
Public exploit code for vulnerability #1 is available.
Vulnerable software
CloudForms
Vendor
Red Hat Inc.

Security Advisory



1) Prototype pollution


Severity: Low


CVSSv3: 4.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C] [PCI]


CVE-ID: CVE-2019-11358


CWE-ID: CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')


Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.


The vulnerability exists due to prototype pollution. A remote attacker can trick the extend function into modifying the prototype of Object when the attacker controls part of the structure passed to this function. This lets an attacker add or modify a property that will then exist on all objects, and perform a denial of service (DoS) attack.
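To make the mechanism concrete, here is an added example that is not code from the advisory, from Red Hat, from CloudForms or from jQuery: a naive recursive merge written in the style of the extend pattern the description refers to, placed beside a hardened merge that refuses the keys through which a nested structure can reach Object.prototype. The payload string and the `naiveExtend`, `safeExtend` and `demonstrate` names are constructed for this illustration.

```javascript
// Added illustration (not the advisory's or any library's code).
// naiveExtend: a recursive merge that trusts every key of the source object.
// When the source has an own property named "__proto__" (JSON.parse creates
// one from the text "__proto__"), target["__proto__"] resolves to
// Object.prototype, and the recursion writes the attacker's values onto it.
function naiveExtend(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      naiveExtend(target[key], value); // defect: target[key] may be Object.prototype
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Keys that let a merge climb out of the target object into shared prototypes.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// safeExtend: same merge, but (1) prototype-affecting keys are skipped and
// (2) recursion only descends into properties the target itself owns, so an
// inherited property can never become the merge destination.
function safeExtend(target, source) {
  for (const key of Object.keys(source)) {
    if (UNSAFE_KEYS.has(key)) continue; // drop rather than merge
    const value = source[key];
    if (isPlainObject(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      safeExtend(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs both merges against a constructed untrusted document and reports whether
// a freshly created object ended up carrying the injected property. The
// pollution from the naive run is removed again so it does not leak further.
function demonstrate() {
  const payload = '{"__proto__": {"polluted": true}}'; // constructed sample input
  const untrusted = JSON.parse(payload);

  naiveExtend({}, untrusted);
  const naivePolluted = ({}).polluted === true;
  delete Object.prototype.polluted; // undo the damage for the rest of the process

  safeExtend({}, untrusted);
  const safePolluted = ({}).polluted === true;

  return { naivePolluted, safePolluted };
}

console.log(demonstrate()); // { naivePolluted: true, safePolluted: false }
```

The check worth taking away is the second one in `safeExtend`: a deny-list of key names covers the known routes to `Object.prototype`, but only descending into own properties of the target closes the general case where an inherited object is reachable by name. A detection control for the same class of bug is to create a bare object after processing untrusted input and assert it has no unexpected enumerable properties.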


Mitigation

Install updates from vendor's website.


Vulnerable software versions

CloudForms: 4.7.9


CPE
External links

https://access.redhat.com/errata/RHSA-2019:2587


Q & A


Can this vulnerability be exploited remotely?


Yes. This vulnerability can be exploited by a remote ..
