CVE-2012-6118 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2012-6118

CWE

https://cwe.mitre.org/data/definitions/264.html

The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting.

Affected Software

Name	Vendor	Start Version	End Version
Aeolus_conductor	Redhat	- (including)	- (including)
CloudForms for RHEL 6	RedHat	aeolus-conductor-0:0.13.26-1.el6cf	*
CloudForms for RHEL 6	RedHat	aeolus-configserver-0:0.4.12-3.el6cf	*
CloudForms for RHEL 6	RedHat	imagefactory-0:1.0.3-1.el6cf	*
CloudForms for RHEL 6	RedHat	oz-0:0.8.0-8.el6cf	*

References

http://rhn.redhat.com/errata/RHSA-2013-0545.html
https://bugzilla.redhat.com/show_bug.cgi?id=906192