CVE-2016-8520

Sažetak

HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned objects and ACLs. In some cases, authenticated users with S3 permissions could also access versioned data.

Reference

http://www.securityfocus.com/bid/95369
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05363782

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

13-03-2018 - 14:15

Objavljeno

15-02-2018 - 22:29