Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-2c39-ngdz-6khz

Summary CloudForms: insecure password storage in PostgreSQL database

Aliases

alias	CVE-2015-7502

Fixed_packages

Affected_packages

url pkg:rpm/redhat/cfme@5.4.4.2-1?arch=el6cf

purl pkg:rpm/redhat/cfme@5.4.4.2-1?arch=el6cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2c39-ngdz-6khz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme@5.4.4.2-1%3Farch=el6cf

url pkg:rpm/redhat/cfme@5.5.0.13-2?arch=el7cf

purl pkg:rpm/redhat/cfme@5.5.0.13-2?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2c39-ngdz-6khz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme@5.5.0.13-2%3Farch=el7cf

url pkg:rpm/redhat/cfme-appliance@5.5.0.13-1?arch=el7cf

purl pkg:rpm/redhat/cfme-appliance@5.5.0.13-1?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2c39-ngdz-6khz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme-appliance@5.5.0.13-1%3Farch=el7cf

url pkg:rpm/redhat/cfme-gemset@5.4.4.2-1?arch=el6cf

purl pkg:rpm/redhat/cfme-gemset@5.4.4.2-1?arch=el6cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2c39-ngdz-6khz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme-gemset@5.4.4.2-1%3Farch=el6cf

url pkg:rpm/redhat/cfme-gemset@5.5.0.13-1?arch=el7cf

purl pkg:rpm/redhat/cfme-gemset@5.5.0.13-1?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2c39-ngdz-6khz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme-gemset@5.5.0.13-1%3Farch=el7cf

url pkg:rpm/redhat/prince@9.0r2-10?arch=el7cf

purl pkg:rpm/redhat/prince@9.0r2-10?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2c39-ngdz-6khz

vulnerability	VCID-5dmr-8tvd-8uen

vulnerability	VCID-65ha-wgr4-eqd4

vulnerability	VCID-dysm-mxnw-xfgu

vulnerability	VCID-rqh3-c53s-vuee

vulnerability	VCID-sqa5-8yrd-qyfz

vulnerability	VCID-teyt-6844-wyad

vulnerability	VCID-xby9-avva-a3e5

vulnerability	VCID-z5na-uzmt-x3gr

vulnerability	VCID-zrsc-vqxk-vkgx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/prince@9.0r2-10%3Farch=el7cf

url pkg:rpm/redhat/rh-ruby22-rubygem-bcrypt@3.1.10-3?arch=el7cf

purl pkg:rpm/redhat/rh-ruby22-rubygem-bcrypt@3.1.10-3?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2c39-ngdz-6khz

vulnerability	VCID-teyt-6844-wyad

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-bcrypt@3.1.10-3%3Farch=el7cf

url pkg:rpm/redhat/rh-ruby22-rubygem-escape_utils@1.1.0-2?arch=el7cf

purl pkg:rpm/redhat/rh-ruby22-rubygem-escape_utils@1.1.0-2?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2c39-ngdz-6khz

vulnerability	VCID-teyt-6844-wyad

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-escape_utils@1.1.0-2%3Farch=el7cf

url pkg:rpm/redhat/rh-ruby22-rubygem-eventmachine@1.0.7-6?arch=el7cf

purl pkg:rpm/redhat/rh-ruby22-rubygem-eventmachine@1.0.7-6?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2c39-ngdz-6khz

vulnerability	VCID-teyt-6844-wyad

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-eventmachine@1.0.7-6%3Farch=el7cf

url pkg:rpm/redhat/rh-ruby22-rubygem-ffi@1.9.8-4?arch=el7cf

purl pkg:rpm/redhat/rh-ruby22-rubygem-ffi@1.9.8-4?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2c39-ngdz-6khz

vulnerability	VCID-teyt-6844-wyad

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-ffi@1.9.8-4%3Farch=el7cf

url pkg:rpm/redhat/rh-ruby22-rubygem-json@1.8.2-9?arch=el7cf

purl pkg:rpm/redhat/rh-ruby22-rubygem-json@1.8.2-9?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2c39-ngdz-6khz

vulnerability	VCID-teyt-6844-wyad

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-json@1.8.2-9%3Farch=el7cf

url pkg:rpm/redhat/rh-ruby22-rubygem-linux_block_device@0.1.0-2?arch=el7cf

purl pkg:rpm/redhat/rh-ruby22-rubygem-linux_block_device@0.1.0-2?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2c39-ngdz-6khz

vulnerability	VCID-teyt-6844-wyad

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-linux_block_device@0.1.0-2%3Farch=el7cf

url pkg:rpm/redhat/rh-ruby22-rubygem-memory_buffer@0.1.0-2?arch=el7cf

purl pkg:rpm/redhat/rh-ruby22-rubygem-memory_buffer@0.1.0-2?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2c39-ngdz-6khz

vulnerability	VCID-teyt-6844-wyad

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-memory_buffer@0.1.0-2%3Farch=el7cf

url pkg:rpm/redhat/rh-ruby22-rubygem-net_app_manageability@0.1.0-3?arch=el7cf

purl pkg:rpm/redhat/rh-ruby22-rubygem-net_app_manageability@0.1.0-3?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2c39-ngdz-6khz

vulnerability	VCID-teyt-6844-wyad

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-net_app_manageability@0.1.0-3%3Farch=el7cf

url pkg:rpm/redhat/rh-ruby22-rubygem-nokogiri@1.6.6.2-3?arch=el7cf

purl pkg:rpm/redhat/rh-ruby22-rubygem-nokogiri@1.6.6.2-3?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2c39-ngdz-6khz

vulnerability	VCID-teyt-6844-wyad

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-nokogiri@1.6.6.2-3%3Farch=el7cf

url pkg:rpm/redhat/rh-ruby22-rubygem-pg@0.18.2-2?arch=el7cf

purl pkg:rpm/redhat/rh-ruby22-rubygem-pg@0.18.2-2?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2c39-ngdz-6khz

vulnerability	VCID-teyt-6844-wyad

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-pg@0.18.2-2%3Farch=el7cf

url pkg:rpm/redhat/rh-ruby22-rubygem-psych@2.0.13-4?arch=el7cf

purl pkg:rpm/redhat/rh-ruby22-rubygem-psych@2.0.13-4?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2c39-ngdz-6khz

vulnerability	VCID-teyt-6844-wyad

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-psych@2.0.13-4%3Farch=el7cf

url pkg:rpm/redhat/rh-ruby22-rubygem-puma@2.13.4-2?arch=el7cf

purl pkg:rpm/redhat/rh-ruby22-rubygem-puma@2.13.4-2?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2c39-ngdz-6khz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-puma@2.13.4-2%3Farch=el7cf

url pkg:rpm/redhat/rh-ruby22-rubygem-redhat_access_cfme@0.0.7-1?arch=el7cf

purl pkg:rpm/redhat/rh-ruby22-rubygem-redhat_access_cfme@0.0.7-1?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2c39-ngdz-6khz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-redhat_access_cfme@0.0.7-1%3Farch=el7cf

url pkg:rpm/redhat/rh-ruby22-rubygem-redhat_access_lib@0.0.6-1?arch=el7cf

purl pkg:rpm/redhat/rh-ruby22-rubygem-redhat_access_lib@0.0.6-1?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2c39-ngdz-6khz

vulnerability	VCID-teyt-6844-wyad

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-redhat_access_lib@0.0.6-1%3Farch=el7cf

url pkg:rpm/redhat/rh-ruby22-rubygem-thin@1.6.3-2?arch=el7cf

purl pkg:rpm/redhat/rh-ruby22-rubygem-thin@1.6.3-2?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2c39-ngdz-6khz

vulnerability	VCID-teyt-6844-wyad

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-thin@1.6.3-2%3Farch=el7cf

url pkg:rpm/redhat/rh-ruby22-rubygem-unf_ext@0.0.7.1-3?arch=el7cf

purl pkg:rpm/redhat/rh-ruby22-rubygem-unf_ext@0.0.7.1-3?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2c39-ngdz-6khz

vulnerability	VCID-teyt-6844-wyad

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-unf_ext@0.0.7.1-3%3Farch=el7cf

url pkg:rpm/redhat/wmi@1.3.14-6?arch=el7cf

purl pkg:rpm/redhat/wmi@1.3.14-6?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2c39-ngdz-6khz

vulnerability	VCID-teyt-6844-wyad

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/wmi@1.3.14-6%3Farch=el7cf

References

reference_url	http://rhn.redhat.com/errata/RHSA-2015-2620.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-2620.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7502.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7502.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-7502

reference_id

reference_type

scores

value	0.00061
scoring_system	epss
scoring_elements	0.18885
published_at	2026-04-16T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.1893
published_at	2026-04-13T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18985
published_at	2026-04-01T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.1912
published_at	2026-04-02T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19172
published_at	2026-04-04T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18889
published_at	2026-04-07T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18967
published_at	2026-04-08T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19021
published_at	2026-04-09T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19028
published_at	2026-04-11T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18982
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7502

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1283019
reference_id	1283019
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1283019

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:3.2:::::::*
reference_id	cpe:2.3:a:redhat:cloudforms:3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.0:::::::*
reference_id	cpe:2.3:a:redhat:cloudforms:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.4.4:::::::*
reference_id	cpe:2.3:a:redhat:cloudforms_management_engine:5.4.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.4.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.5.0:::::::*
reference_id	cpe:2.3:a:redhat:cloudforms_management_engine:5.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.5.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-7502

reference_id

CVE-2015-7502

reference_type

scores

value	1.9
scoring_system	cvssv2
scoring_elements	AV:L/AC:M/Au:N/C:P/I:N/A:N

value	5.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7502

reference_url	https://access.redhat.com/errata/RHSA-2015:2551
reference_id	RHSA-2015:2551
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2551

reference_url	https://access.redhat.com/errata/RHSA-2015:2620
reference_id	RHSA-2015:2620
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2620

Weaknesses

cwe_id	522
name	Insufficiently Protected Credentials
description	The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

cwe_id	200
name	Exposure of Sensitive Information to an Unauthorized Actor
description	The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Exploits

Severity_range_score 1.9 - 5.1

Exploitability 0.5

Weighted_severity 4.6

Risk_score 2.3

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2c39-ngdz-6khz

Vulnerability Instance