{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright © Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for CloudForms Management Engine 5.8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.\n\nRed Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.\n\nThe following packages have been upgraded to a later upstream version:\nansible (2.3.0.0), ansible-tower (3.1.3), cfme (5.8.1.5), cfme-appliance\n(5.8.1.5), cfme-gemset (5.8.1.5), rh-ruby23-rubygem-nokogiri (1.7.2).\n(BZ#1456017, BZ#1459318)\n\nSecurity Fix(es):\n\n* CloudForms lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails applications portion of CloudForms to escalate privileges. (CVE-2017-2664)\n\n* It was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should not be allowed to (e.g. destroying VMs). (CVE-2017-7530)\n\n* The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. An attacker with the ability to create storage volumes could use this to create storage volumes for any other tenant. (CVE-2017-7497)\n\n* A flaw was found in the CloudForms API. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access. (CVE-2016-7047)\n\nThe CVE-2017-2664 issue was discovered by Libor Pichler (Red Hat) and Martin Povolny (Red Hat); the CVE-2017-7530 issue was discovered by Tim Wade (Red Hat); the CVE-2017-7497 issue was discovered by Gellert Kis (Red Hat); and the CVE-2016-7047 issue was discovered by Simon Lukasik (Red Hat).\n\nAdditional Changes:\n\nThis update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2017:1758",
        "url": "https://access.redhat.com/errata/RHSA-2017:1758"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1374215",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374215"
      },
      {
        "category": "external",
        "summary": "1435393",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435393"
      },
      {
        "category": "external",
        "summary": "1438562",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1438562"
      },
      {
        "category": "external",
        "summary": "1439309",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1439309"
      },
      {
        "category": "external",
        "summary": "1441321",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441321"
      },
      {
        "category": "external",
        "summary": "1444505",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444505"
      },
      {
        "category": "external",
        "summary": "1449273",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1449273"
      },
      {
        "category": "external",
        "summary": "1450082",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450082"
      },
      {
        "category": "external",
        "summary": "1450087",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450087"
      },
      {
        "category": "external",
        "summary": "1450150",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450150"
      },
      {
        "category": "external",
        "summary": "1450502",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450502"
      },
      {
        "category": "external",
        "summary": "1450518",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450518"
      },
      {
        "category": "external",
        "summary": "1454445",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1454445"
      },
      {
        "category": "external",
        "summary": "1455685",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455685"
      },
      {
        "category": "external",
        "summary": "1456017",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1456017"
      },
      {
        "category": "external",
        "summary": "1458333",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458333"
      },
      {
        "category": "external",
        "summary": "1458337",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458337"
      },
      {
        "category": "external",
        "summary": "1458339",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458339"
      },
      {
        "category": "external",
        "summary": "1458341",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458341"
      },
      {
        "category": "external",
        "summary": "1458356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458356"
      },
      {
        "category": "external",
        "summary": "1458360",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458360"
      },
      {
        "category": "external",
        "summary": "1458363",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458363"
      },
      {
        "category": "external",
        "summary": "1458365",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458365"
      },
      {
        "category": "external",
        "summary": "1458374",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458374"
      },
      {
        "category": "external",
        "summary": "1458377",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458377"
      },
      {
        "category": "external",
        "summary": "1458434",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458434"
      },
      {
        "category": "external",
        "summary": "1458445",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458445"
      },
      {
        "category": "external",
        "summary": "1458447",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458447"
      },
      {
        "category": "external",
        "summary": "1458448",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458448"
      },
      {
        "category": "external",
        "summary": "1458454",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458454"
      },
      {
        "category": "external",
        "summary": "1458892",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458892"
      },
      {
        "category": "external",
        "summary": "1458896",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458896"
      },
      {
        "category": "external",
        "summary": "1458899",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458899"
      },
      {
        "category": "external",
        "summary": "1458900",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458900"
      },
      {
        "category": "external",
        "summary": "1458919",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458919"
      },
      {
        "category": "external",
        "summary": "1458921",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458921"
      },
      {
        "category": "external",
        "summary": "1458924",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458924"
      },
      {
        "category": "external",
        "summary": "1458925",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458925"
      },
      {
        "category": "external",
        "summary": "1458926",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458926"
      },
      {
        "category": "external",
        "summary": "1458927",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458927"
      },
      {
        "category": "external",
        "summary": "1458930",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458930"
      },
      {
        "category": "external",
        "summary": "1458934",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458934"
      },
      {
        "category": "external",
        "summary": "1458935",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458935"
      },
      {
        "category": "external",
        "summary": "1458943",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458943"
      },
      {
        "category": "external",
        "summary": "1458945",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458945"
      },
      {
        "category": "external",
        "summary": "1458946",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458946"
      },
      {
        "category": "external",
        "summary": "1458947",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458947"
      },
      {
        "category": "external",
        "summary": "1458951",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458951"
      },
      {
        "category": "external",
        "summary": "1459217",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459217"
      },
      {
        "category": "external",
        "summary": "1459225",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459225"
      },
      {
        "category": "external",
        "summary": "1459227",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459227"
      },
      {
        "category": "external",
        "summary": "1459235",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459235"
      },
      {
        "category": "external",
        "summary": "1459243",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459243"
      },
      {
        "category": "external",
        "summary": "1459247",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459247"
      },
      {
        "category": "external",
        "summary": "1459257",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459257"
      },
      {
        "category": "external",
        "summary": "1459258",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459258"
      },
      {
        "category": "external",
        "summary": "1459261",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459261"
      },
      {
        "category": "external",
        "summary": "1459262",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459262"
      },
      {
        "category": "external",
        "summary": "1459264",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459264"
      },
      {
        "category": "external",
        "summary": "1459297",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459297"
      },
      {
        "category": "external",
        "summary": "1459306",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459306"
      },
      {
        "category": "external",
        "summary": "1459318",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459318"
      },
      {
        "category": "external",
        "summary": "1459562",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459562"
      },
      {
        "category": "external",
        "summary": "1459902",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459902"
      },
      {
        "category": "external",
        "summary": "1459903",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459903"
      },
      {
        "category": "external",
        "summary": "1459923",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459923"
      },
      {
        "category": "external",
        "summary": "1459928",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459928"
      },
      {
        "category": "external",
        "summary": "1459929",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459929"
      },
      {
        "category": "external",
        "summary": "1459940",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459940"
      },
      {
        "category": "external",
        "summary": "1459944",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459944"
      },
      {
        "category": "external",
        "summary": "1459959",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459959"
      },
      {
        "category": "external",
        "summary": "1459962",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459962"
      },
      {
        "category": "external",
        "summary": "1459977",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459977"
      },
      {
        "category": "external",
        "summary": "1459986",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459986"
      },
      {
        "category": "external",
        "summary": "1459989",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459989"
      },
      {
        "category": "external",
        "summary": "1459990",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459990"
      },
      {
        "category": "external",
        "summary": "1459992",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459992"
      },
      {
        "category": "external",
        "summary": "1460000",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460000"
      },
      {
        "category": "external",
        "summary": "1460002",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460002"
      },
      {
        "category": "external",
        "summary": "1460004",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460004"
      },
      {
        "category": "external",
        "summary": "1460023",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460023"
      },
      {
        "category": "external",
        "summary": "1460024",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460024"
      },
      {
        "category": "external",
        "summary": "1460027",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460027"
      },
      {
        "category": "external",
        "summary": "1460031",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460031"
      },
      {
        "category": "external",
        "summary": "1460032",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460032"
      },
      {
        "category": "external",
        "summary": "1460033",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460033"
      },
      {
        "category": "external",
        "summary": "1460034",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460034"
      },
      {
        "category": "external",
        "summary": "1460036",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460036"
      },
      {
        "category": "external",
        "summary": "1460265",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460265"
      },
      {
        "category": "external",
        "summary": "1460293",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460293"
      },
      {
        "category": "external",
        "summary": "1460294",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460294"
      },
      {
        "category": "external",
        "summary": "1460304",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460304"
      },
      {
        "category": "external",
        "summary": "1460307",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460307"
      },
      {
        "category": "external",
        "summary": "1460308",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460308"
      },
      {
        "category": "external",
        "summary": "1460309",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460309"
      },
      {
        "category": "external",
        "summary": "1460310",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460310"
      },
      {
        "category": "external",
        "summary": "1460316",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460316"
      },
      {
        "category": "external",
        "summary": "1460318",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460318"
      },
      {
        "category": "external",
        "summary": "1460334",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460334"
      },
      {
        "category": "external",
        "summary": "1460339",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460339"
      },
      {
        "category": "external",
        "summary": "1460348",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460348"
      },
      {
        "category": "external",
        "summary": "1460349",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460349"
      },
      {
        "category": "external",
        "summary": "1460356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460356"
      },
      {
        "category": "external",
        "summary": "1460357",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460357"
      },
      {
        "category": "external",
        "summary": "1460359",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460359"
      },
      {
        "category": "external",
        "summary": "1460366",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460366"
      },
      {
        "category": "external",
        "summary": "1460372",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460372"
      },
      {
        "category": "external",
        "summary": "1460375",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460375"
      },
      {
        "category": "external",
        "summary": "1460380",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460380"
      },
      {
        "category": "external",
        "summary": "1460382",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460382"
      },
      {
        "category": "external",
        "summary": "1460383",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460383"
      },
      {
        "category": "external",
        "summary": "1460384",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460384"
      },
      {
        "category": "external",
        "summary": "1460385",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460385"
      },
      {
        "category": "external",
        "summary": "1460386",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460386"
      },
      {
        "category": "external",
        "summary": "1460387",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460387"
      },
      {
        "category": "external",
        "summary": "1460394",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460394"
      },
      {
        "category": "external",
        "summary": "1460396",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460396"
      },
      {
        "category": "external",
        "summary": "1460397",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460397"
      },
      {
        "category": "external",
        "summary": "1460736",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460736"
      },
      {
        "category": "external",
        "summary": "1460755",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460755"
      },
      {
        "category": "external",
        "summary": "1460761",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460761"
      },
      {
        "category": "external",
        "summary": "1460776",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460776"
      },
      {
        "category": "external",
        "summary": "1460777",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460777"
      },
      {
        "category": "external",
        "summary": "1460781",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460781"
      },
      {
        "category": "external",
        "summary": "1460791",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460791"
      },
      {
        "category": "external",
        "summary": "1460792",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460792"
      },
      {
        "category": "external",
        "summary": "1461142",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461142"
      },
      {
        "category": "external",
        "summary": "1460802",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460802"
      },
      {
        "category": "external",
        "summary": "1460803",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460803"
      },
      {
        "category": "external",
        "summary": "1460805",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460805"
      },
      {
        "category": "external",
        "summary": "1460807",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460807"
      },
      {
        "category": "external",
        "summary": "1460808",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460808"
      },
      {
        "category": "external",
        "summary": "1460809",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460809"
      },
      {
        "category": "external",
        "summary": "1461070",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461070"
      },
      {
        "category": "external",
        "summary": "1461103",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461103"
      },
      {
        "category": "external",
        "summary": "1461143",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461143"
      },
      {
        "category": "external",
        "summary": "1461144",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461144"
      },
      {
        "category": "external",
        "summary": "1461161",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461161"
      },
      {
        "category": "external",
        "summary": "1461165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461165"
      },
      {
        "category": "external",
        "summary": "1461169",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461169"
      },
      {
        "category": "external",
        "summary": "1461183",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461183"
      },
      {
        "category": "external",
        "summary": "1461456",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461456"
      },
      {
        "category": "external",
        "summary": "1461460",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461460"
      },
      {
        "category": "external",
        "summary": "1461467",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461467"
      },
      {
        "category": "external",
        "summary": "1461475",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461475"
      },
      {
        "category": "external",
        "summary": "1461485",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461485"
      },
      {
        "category": "external",
        "summary": "1461513",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461513"
      },
      {
        "category": "external",
        "summary": "1461522",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461522"
      },
      {
        "category": "external",
        "summary": "1461535",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461535"
      },
      {
        "category": "external",
        "summary": "1461541",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461541"
      },
      {
        "category": "external",
        "summary": "1461558",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461558"
      },
      {
        "category": "external",
        "summary": "1461559",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461559"
      },
      {
        "category": "external",
        "summary": "1461593",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461593"
      },
      {
        "category": "external",
        "summary": "1461596",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461596"
      },
      {
        "category": "external",
        "summary": "1461857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461857"
      },
      {
        "category": "external",
        "summary": "1461860",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461860"
      },
      {
        "category": "external",
        "summary": "1461868",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461868"
      },
      {
        "category": "external",
        "summary": "1461869",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461869"
      },
      {
        "category": "external",
        "summary": "1461956",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461956"
      },
      {
        "category": "external",
        "summary": "1461958",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461958"
      },
      {
        "category": "external",
        "summary": "1461988",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461988"
      },
      {
        "category": "external",
        "summary": "1462287",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462287"
      },
      {
        "category": "external",
        "summary": "1462309",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462309"
      },
      {
        "category": "external",
        "summary": "1462358",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462358"
      },
      {
        "category": "external",
        "summary": "1462361",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462361"
      },
      {
        "category": "external",
        "summary": "1462774",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462774"
      },
      {
        "category": "external",
        "summary": "1462779",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462779"
      },
      {
        "category": "external",
        "summary": "1462801",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462801"
      },
      {
        "category": "external",
        "summary": "1462844",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462844"
      },
      {
        "category": "external",
        "summary": "1462957",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462957"
      },
      {
        "category": "external",
        "summary": "1463275",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463275"
      },
      {
        "category": "external",
        "summary": "1463321",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463321"
      },
      {
        "category": "external",
        "summary": "1463381",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463381"
      },
      {
        "category": "external",
        "summary": "1463668",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463668"
      },
      {
        "category": "external",
        "summary": "1463848",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463848"
      },
      {
        "category": "external",
        "summary": "1464118",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1464118"
      },
      {
        "category": "external",
        "summary": "1464151",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1464151"
      },
      {
        "category": "external",
        "summary": "1464153",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1464153"
      },
      {
        "category": "external",
        "summary": "1464203",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1464203"
      },
      {
        "category": "external",
        "summary": "1465448",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465448"
      },
      {
        "category": "external",
        "summary": "1466049",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466049"
      },
      {
        "category": "external",
        "summary": "1466855",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466855"
      },
      {
        "category": "external",
        "summary": "1468272",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468272"
      },
      {
        "category": "external",
        "summary": "1468275",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468275"
      },
      {
        "category": "external",
        "summary": "1468281",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468281"
      },
      {
        "category": "external",
        "summary": "1468285",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468285"
      },
      {
        "category": "external",
        "summary": "1468292",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468292"
      },
      {
        "category": "external",
        "summary": "1468294",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468294"
      },
      {
        "category": "external",
        "summary": "1468295",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468295"
      },
      {
        "category": "external",
        "summary": "1468296",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468296"
      },
      {
        "category": "external",
        "summary": "1468336",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468336"
      },
      {
        "category": "external",
        "summary": "1468337",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468337"
      },
      {
        "category": "external",
        "summary": "1468370",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468370"
      },
      {
        "category": "external",
        "summary": "1468376",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468376"
      },
      {
        "category": "external",
        "summary": "1468380",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468380"
      },
      {
        "category": "external",
        "summary": "1468700",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468700"
      },
      {
        "category": "external",
        "summary": "1468703",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468703"
      },
      {
        "category": "external",
        "summary": "1468729",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468729"
      },
      {
        "category": "external",
        "summary": "1469308",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1469308"
      },
      {
        "category": "external",
        "summary": "1469560",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1469560"
      },
      {
        "category": "external",
        "summary": "1469653",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1469653"
      },
      {
        "category": "external",
        "summary": "1469702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1469702"
      },
      {
        "category": "external",
        "summary": "1470179",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470179"
      },
      {
        "category": "external",
        "summary": "1470773",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470773"
      },
      {
        "category": "external",
        "summary": "1470774",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470774"
      },
      {
        "category": "external",
        "summary": "1470800",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470800"
      },
      {
        "category": "external",
        "summary": "1470812",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470812"
      },
      {
        "category": "external",
        "summary": "1470847",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470847"
      },
      {
        "category": "external",
        "summary": "1471821",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1471821"
      },
      {
        "category": "external",
        "summary": "1472837",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472837"
      },
      {
        "category": "external",
        "summary": "1472841",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472841"
      },
      {
        "category": "external",
        "summary": "1472842",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472842"
      },
      {
        "category": "external",
        "summary": "1473336",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473336"
      },
      {
        "category": "external",
        "summary": "1473424",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473424"
      },
      {
        "category": "external",
        "summary": "1473787",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473787"
      },
      {
        "category": "external",
        "summary": "1474504",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474504"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1758.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat CloudForms security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2026-06-30T11:35:00+00:00",
      "generator": {
        "date": "2026-06-30T11:35:00+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.3.1"
        }
      },
      "id": "RHSA-2017:1758",
      "initial_release_date": "2017-08-02T17:23:43+00:00",
      "revision_history": [
        {
          "date": "2017-08-02T17:23:43+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2017-08-02T17:23:43+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-30T11:35:00+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "CloudForms Management Engine 5.8",
                "product": {
                  "name": "CloudForms Management Engine 5.8",
                  "product_id": "7Server-RH7-CFME-5.8",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat CloudForms"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ansible-0:2.3.0.0-1.el7.src",
                "product": {
                  "name": "ansible-0:2.3.0.0-1.el7.src",
                  "product_id": "ansible-0:2.3.0.0-1.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ansible@2.3.0.0-1.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.src",
                "product": {
                  "name": "rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.src",
                  "product_id": "rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-ruby23-rubygem-nokogiri@1.7.2-1.el7cf?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-gemset-0:5.8.1.5-1.el7cf.src",
                "product": {
                  "name": "cfme-gemset-0:5.8.1.5-1.el7cf.src",
                  "product_id": "cfme-gemset-0:5.8.1.5-1.el7cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme-gemset@5.8.1.5-1.el7cf?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-appliance-0:5.8.1.5-1.el7cf.src",
                "product": {
                  "name": "cfme-appliance-0:5.8.1.5-1.el7cf.src",
                  "product_id": "cfme-appliance-0:5.8.1.5-1.el7cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme-appliance@5.8.1.5-1.el7cf?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-0:5.8.1.5-1.el7cf.src",
                "product": {
                  "name": "cfme-0:5.8.1.5-1.el7cf.src",
                  "product_id": "cfme-0:5.8.1.5-1.el7cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme@5.8.1.5-1.el7cf?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ansible-0:2.3.0.0-1.el7.noarch",
                "product": {
                  "name": "ansible-0:2.3.0.0-1.el7.noarch",
                  "product_id": "ansible-0:2.3.0.0-1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ansible@2.3.0.0-1.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ansible-tower-setup-0:3.1.3-1.el7at.x86_64",
                "product": {
                  "name": "ansible-tower-setup-0:3.1.3-1.el7at.x86_64",
                  "product_id": "ansible-tower-setup-0:3.1.3-1.el7at.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ansible-tower-setup@3.1.3-1.el7at?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ansible-tower-server-0:3.1.3-1.el7at.x86_64",
                "product": {
                  "name": "ansible-tower-server-0:3.1.3-1.el7at.x86_64",
                  "product_id": "ansible-tower-server-0:3.1.3-1.el7at.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ansible-tower-server@3.1.3-1.el7at?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-ruby23-rubygem-nokogiri-debuginfo-0:1.7.2-1.el7cf.x86_64",
                "product": {
                  "name": "rh-ruby23-rubygem-nokogiri-debuginfo-0:1.7.2-1.el7cf.x86_64",
                  "product_id": "rh-ruby23-rubygem-nokogiri-debuginfo-0:1.7.2-1.el7cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-ruby23-rubygem-nokogiri-debuginfo@1.7.2-1.el7cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.x86_64",
                "product": {
                  "name": "rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.x86_64",
                  "product_id": "rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-ruby23-rubygem-nokogiri@1.7.2-1.el7cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-ruby23-rubygem-nokogiri-doc-0:1.7.2-1.el7cf.x86_64",
                "product": {
                  "name": "rh-ruby23-rubygem-nokogiri-doc-0:1.7.2-1.el7cf.x86_64",
                  "product_id": "rh-ruby23-rubygem-nokogiri-doc-0:1.7.2-1.el7cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-ruby23-rubygem-nokogiri-doc@1.7.2-1.el7cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-gemset-0:5.8.1.5-1.el7cf.x86_64",
                "product": {
                  "name": "cfme-gemset-0:5.8.1.5-1.el7cf.x86_64",
                  "product_id": "cfme-gemset-0:5.8.1.5-1.el7cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme-gemset@5.8.1.5-1.el7cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-appliance-0:5.8.1.5-1.el7cf.x86_64",
                "product": {
                  "name": "cfme-appliance-0:5.8.1.5-1.el7cf.x86_64",
                  "product_id": "cfme-appliance-0:5.8.1.5-1.el7cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme-appliance@5.8.1.5-1.el7cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-appliance-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
                "product": {
                  "name": "cfme-appliance-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
                  "product_id": "cfme-appliance-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme-appliance-debuginfo@5.8.1.5-1.el7cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-0:5.8.1.5-1.el7cf.x86_64",
                "product": {
                  "name": "cfme-0:5.8.1.5-1.el7cf.x86_64",
                  "product_id": "cfme-0:5.8.1.5-1.el7cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme@5.8.1.5-1.el7cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
                "product": {
                  "name": "cfme-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
                  "product_id": "cfme-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme-debuginfo@5.8.1.5-1.el7cf?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ansible-0:2.3.0.0-1.el7.noarch as a component of CloudForms Management Engine 5.8",
          "product_id": "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.noarch"
        },
        "product_reference": "ansible-0:2.3.0.0-1.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-CFME-5.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ansible-0:2.3.0.0-1.el7.src as a component of CloudForms Management Engine 5.8",
          "product_id": "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.src"
        },
        "product_reference": "ansible-0:2.3.0.0-1.el7.src",
        "relates_to_product_reference": "7Server-RH7-CFME-5.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ansible-tower-server-0:3.1.3-1.el7at.x86_64 as a component of CloudForms Management Engine 5.8",
          "product_id": "7Server-RH7-CFME-5.8:ansible-tower-server-0:3.1.3-1.el7at.x86_64"
        },
        "product_reference": "ansible-tower-server-0:3.1.3-1.el7at.x86_64",
        "relates_to_product_reference": "7Server-RH7-CFME-5.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ansible-tower-setup-0:3.1.3-1.el7at.x86_64 as a component of CloudForms Management Engine 5.8",
          "product_id": "7Server-RH7-CFME-5.8:ansible-tower-setup-0:3.1.3-1.el7at.x86_64"
        },
        "product_reference": "ansible-tower-setup-0:3.1.3-1.el7at.x86_64",
        "relates_to_product_reference": "7Server-RH7-CFME-5.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-0:5.8.1.5-1.el7cf.src as a component of CloudForms Management Engine 5.8",
          "product_id": "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.src"
        },
        "product_reference": "cfme-0:5.8.1.5-1.el7cf.src",
        "relates_to_product_reference": "7Server-RH7-CFME-5.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-0:5.8.1.5-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.8",
          "product_id": "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.x86_64"
        },
        "product_reference": "cfme-0:5.8.1.5-1.el7cf.x86_64",
        "relates_to_product_reference": "7Server-RH7-CFME-5.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-appliance-0:5.8.1.5-1.el7cf.src as a component of CloudForms Management Engine 5.8",
          "product_id": "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.src"
        },
        "product_reference": "cfme-appliance-0:5.8.1.5-1.el7cf.src",
        "relates_to_product_reference": "7Server-RH7-CFME-5.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-appliance-0:5.8.1.5-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.8",
          "product_id": "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.x86_64"
        },
        "product_reference": "cfme-appliance-0:5.8.1.5-1.el7cf.x86_64",
        "relates_to_product_reference": "7Server-RH7-CFME-5.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-appliance-debuginfo-0:5.8.1.5-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.8",
          "product_id": "7Server-RH7-CFME-5.8:cfme-appliance-debuginfo-0:5.8.1.5-1.el7cf.x86_64"
        },
        "product_reference": "cfme-appliance-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
        "relates_to_product_reference": "7Server-RH7-CFME-5.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-debuginfo-0:5.8.1.5-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.8",
          "product_id": "7Server-RH7-CFME-5.8:cfme-debuginfo-0:5.8.1.5-1.el7cf.x86_64"
        },
        "product_reference": "cfme-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
        "relates_to_product_reference": "7Server-RH7-CFME-5.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-gemset-0:5.8.1.5-1.el7cf.src as a component of CloudForms Management Engine 5.8",
          "product_id": "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.src"
        },
        "product_reference": "cfme-gemset-0:5.8.1.5-1.el7cf.src",
        "relates_to_product_reference": "7Server-RH7-CFME-5.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-gemset-0:5.8.1.5-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.8",
          "product_id": "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.x86_64"
        },
        "product_reference": "cfme-gemset-0:5.8.1.5-1.el7cf.x86_64",
        "relates_to_product_reference": "7Server-RH7-CFME-5.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.src as a component of CloudForms Management Engine 5.8",
          "product_id": "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.src"
        },
        "product_reference": "rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.src",
        "relates_to_product_reference": "7Server-RH7-CFME-5.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.8",
          "product_id": "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.x86_64"
        },
        "product_reference": "rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.x86_64",
        "relates_to_product_reference": "7Server-RH7-CFME-5.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-ruby23-rubygem-nokogiri-debuginfo-0:1.7.2-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.8",
          "product_id": "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-debuginfo-0:1.7.2-1.el7cf.x86_64"
        },
        "product_reference": "rh-ruby23-rubygem-nokogiri-debuginfo-0:1.7.2-1.el7cf.x86_64",
        "relates_to_product_reference": "7Server-RH7-CFME-5.8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-ruby23-rubygem-nokogiri-doc-0:1.7.2-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.8",
          "product_id": "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-doc-0:1.7.2-1.el7cf.x86_64"
        },
        "product_reference": "rh-ruby23-rubygem-nokogiri-doc-0:1.7.2-1.el7cf.x86_64",
        "relates_to_product_reference": "7Server-RH7-CFME-5.8"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Simon Lukasik"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2016-7047",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2016-09-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1374215"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CloudForms API. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cfme: API leaks any MiqReportResult",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.noarch",
          "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.src",
          "7Server-RH7-CFME-5.8:ansible-tower-server-0:3.1.3-1.el7at.x86_64",
          "7Server-RH7-CFME-5.8:ansible-tower-setup-0:3.1.3-1.el7at.x86_64",
          "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.src",
          "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.src",
          "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:cfme-appliance-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:cfme-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.src",
          "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.src",
          "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-debuginfo-0:1.7.2-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-doc-0:1.7.2-1.el7cf.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-7047"
        },
        {
          "category": "external",
          "summary": "RHBZ#1374215",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1374215"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-7047",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-7047"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7047",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7047"
        }
      ],
      "release_date": "2017-06-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2017-08-02T17:23:43+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.noarch",
            "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.src",
            "7Server-RH7-CFME-5.8:ansible-tower-server-0:3.1.3-1.el7at.x86_64",
            "7Server-RH7-CFME-5.8:ansible-tower-setup-0:3.1.3-1.el7at.x86_64",
            "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-appliance-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.src",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-debuginfo-0:1.7.2-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-doc-0:1.7.2-1.el7cf.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1758"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.noarch",
            "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.src",
            "7Server-RH7-CFME-5.8:ansible-tower-server-0:3.1.3-1.el7at.x86_64",
            "7Server-RH7-CFME-5.8:ansible-tower-setup-0:3.1.3-1.el7at.x86_64",
            "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-appliance-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.src",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-debuginfo-0:1.7.2-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-doc-0:1.7.2-1.el7cf.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "cfme: API leaks any MiqReportResult"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Libor Pichler",
            "Martin Povolny"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2017-2664",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2017-03-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1435393"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "CloudForms lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails applications portion of CloudForms to escalate privileges.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CloudForms: lack of RBAC on various methods in web UI",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.noarch",
          "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.src",
          "7Server-RH7-CFME-5.8:ansible-tower-server-0:3.1.3-1.el7at.x86_64",
          "7Server-RH7-CFME-5.8:ansible-tower-setup-0:3.1.3-1.el7at.x86_64",
          "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.src",
          "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.src",
          "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:cfme-appliance-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:cfme-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.src",
          "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.src",
          "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-debuginfo-0:1.7.2-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-doc-0:1.7.2-1.el7cf.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-2664"
        },
        {
          "category": "external",
          "summary": "RHBZ#1435393",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435393"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2664",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-2664"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2664",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2664"
        }
      ],
      "release_date": "2017-08-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2017-08-02T17:23:43+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.noarch",
            "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.src",
            "7Server-RH7-CFME-5.8:ansible-tower-server-0:3.1.3-1.el7at.x86_64",
            "7Server-RH7-CFME-5.8:ansible-tower-setup-0:3.1.3-1.el7at.x86_64",
            "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-appliance-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.src",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-debuginfo-0:1.7.2-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-doc-0:1.7.2-1.el7cf.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1758"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.noarch",
            "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.src",
            "7Server-RH7-CFME-5.8:ansible-tower-server-0:3.1.3-1.el7at.x86_64",
            "7Server-RH7-CFME-5.8:ansible-tower-setup-0:3.1.3-1.el7at.x86_64",
            "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-appliance-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.src",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-debuginfo-0:1.7.2-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-doc-0:1.7.2-1.el7cf.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "CloudForms: lack of RBAC on various methods in web UI"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Gellert Kis"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2017-7497",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2017-05-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1450150"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. An attacker with the ability to create storage volumes could use this to create storage volumes for any other tenant.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CFME: Dialog for creating cloud volumes does not filter cloud tenants CVE-2017-7497",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.noarch",
          "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.src",
          "7Server-RH7-CFME-5.8:ansible-tower-server-0:3.1.3-1.el7at.x86_64",
          "7Server-RH7-CFME-5.8:ansible-tower-setup-0:3.1.3-1.el7at.x86_64",
          "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.src",
          "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.src",
          "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:cfme-appliance-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:cfme-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.src",
          "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.src",
          "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-debuginfo-0:1.7.2-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-doc-0:1.7.2-1.el7cf.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-7497"
        },
        {
          "category": "external",
          "summary": "RHBZ#1450150",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450150"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7497",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-7497"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7497",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7497"
        }
      ],
      "release_date": "2017-05-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2017-08-02T17:23:43+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.noarch",
            "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.src",
            "7Server-RH7-CFME-5.8:ansible-tower-server-0:3.1.3-1.el7at.x86_64",
            "7Server-RH7-CFME-5.8:ansible-tower-setup-0:3.1.3-1.el7at.x86_64",
            "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-appliance-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.src",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-debuginfo-0:1.7.2-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-doc-0:1.7.2-1.el7cf.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1758"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.noarch",
            "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.src",
            "7Server-RH7-CFME-5.8:ansible-tower-server-0:3.1.3-1.el7at.x86_64",
            "7Server-RH7-CFME-5.8:ansible-tower-setup-0:3.1.3-1.el7at.x86_64",
            "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-appliance-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.src",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-debuginfo-0:1.7.2-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-doc-0:1.7.2-1.el7cf.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "CFME: Dialog for creating cloud volumes does not filter cloud tenants CVE-2017-7497"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Tim Wade"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2017-7530",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "discovery_date": "2017-06-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1465448"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should not be allowed to (e.g. destroying VMs).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cfme: Execution of arbitrary methods through filter param",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.noarch",
          "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.src",
          "7Server-RH7-CFME-5.8:ansible-tower-server-0:3.1.3-1.el7at.x86_64",
          "7Server-RH7-CFME-5.8:ansible-tower-setup-0:3.1.3-1.el7at.x86_64",
          "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.src",
          "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.src",
          "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:cfme-appliance-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:cfme-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.src",
          "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.src",
          "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-debuginfo-0:1.7.2-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-doc-0:1.7.2-1.el7cf.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-7530"
        },
        {
          "category": "external",
          "summary": "RHBZ#1465448",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465448"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7530",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-7530"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7530",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7530"
        }
      ],
      "release_date": "2017-08-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2017-08-02T17:23:43+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.noarch",
            "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.src",
            "7Server-RH7-CFME-5.8:ansible-tower-server-0:3.1.3-1.el7at.x86_64",
            "7Server-RH7-CFME-5.8:ansible-tower-setup-0:3.1.3-1.el7at.x86_64",
            "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-appliance-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.src",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-debuginfo-0:1.7.2-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-doc-0:1.7.2-1.el7cf.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1758"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.noarch",
            "7Server-RH7-CFME-5.8:ansible-0:2.3.0.0-1.el7.src",
            "7Server-RH7-CFME-5.8:ansible-tower-server-0:3.1.3-1.el7at.x86_64",
            "7Server-RH7-CFME-5.8:ansible-tower-setup-0:3.1.3-1.el7at.x86_64",
            "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-appliance-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-appliance-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-debuginfo-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.src",
            "7Server-RH7-CFME-5.8:cfme-gemset-0:5.8.1.5-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.src",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-0:1.7.2-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-debuginfo-0:1.7.2-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.8:rh-ruby23-rubygem-nokogiri-doc-0:1.7.2-1.el7cf.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "cfme: Execution of arbitrary methods through filter param"
    }
  ]
}