{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85446?format=json","vulnerability_id":"VCID-2c39-ngdz-6khz","summary":"CloudForms: insecure password storage in PostgreSQL database","aliases":[{"alias":"CVE-2015-7502"}],"fixed_packages":[],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116703?format=json","purl":"pkg:rpm/redhat/cfme@5.4.4.2-1?arch=el6cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c39-ngdz-6khz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme@5.4.4.2-1%3Farch=el6cf"},{"url":"http://public2.vulnerablecode.io/api/packages/116697?format=json","purl":"pkg:rpm/redhat/cfme@5.5.0.13-2?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c39-ngdz-6khz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme@5.5.0.13-2%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/116699?format=json","purl":"pkg:rpm/redhat/cfme-appliance@5.5.0.13-1?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c39-ngdz-6khz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme-appliance@5.5.0.13-1%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/116698?format=json","purl":"pkg:rpm/redhat/cfme-gemset@5.4.4.2-1?arch=el6cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c39-ngdz-6khz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme-gemset@5.4.4.2-1%3Farch=el6cf"},{"url":"http://public2.vulnerablecode.io/api/packages/116701?format=json","purl":"pkg:rpm/redhat/cfme-gemset@5.5.0.13-1?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c39-ngdz-6khz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme-gemset@5.5.0.13-1%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/108688?format=json","purl":"pkg:rpm/redhat/prince@9.0r2-10?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c39-ngdz-6khz"},{"vulnerability":"VCID-5dmr-8tvd-8uen"},{"vulnerability":"VCID-65ha-wgr4-eqd4"},{"vulnerability":"VCID-dysm-mxnw-xfgu"},{"vulnerability":"VCID-rqh3-c53s-vuee"},{"vulnerability":"VCID-sqa5-8yrd-qyfz"},{"vulnerability":"VCID-teyt-6844-wyad"},{"vulnerability":"VCID-xby9-avva-a3e5"},{"vulnerability":"VCID-z5na-uzmt-x3gr"},{"vulnerability":"VCID-zrsc-vqxk-vkgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/prince@9.0r2-10%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/114396?format=json","purl":"pkg:rpm/redhat/rh-ruby22-rubygem-bcrypt@3.1.10-3?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c39-ngdz-6khz"},{"vulnerability":"VCID-teyt-6844-wyad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-bcrypt@3.1.10-3%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/114412?format=json","purl":"pkg:rpm/redhat/rh-ruby22-rubygem-escape_utils@1.1.0-2?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c39-ngdz-6khz"},{"vulnerability":"VCID-teyt-6844-wyad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-escape_utils@1.1.0-2%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/114410?format=json","purl":"pkg:rpm/redhat/rh-ruby22-rubygem-eventmachine@1.0.7-6?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c39-ngdz-6khz"},{"vulnerability":"VCID-teyt-6844-wyad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-eventmachine@1.0.7-6%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/114394?format=json","purl":"pkg:rpm/redhat/rh-ruby22-rubygem-ffi@1.9.8-4?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c39-ngdz-6khz"},{"vulnerability":"VCID-teyt-6844-wyad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-ffi@1.9.8-4%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/114418?format=json","purl":"pkg:rpm/redhat/rh-ruby22-rubygem-json@1.8.2-9?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c39-ngdz-6khz"},{"vulnerability":"VCID-teyt-6844-wyad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-json@1.8.2-9%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/114408?format=json","purl":"pkg:rpm/redhat/rh-ruby22-rubygem-linux_block_device@0.1.0-2?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c39-ngdz-6khz"},{"vulnerability":"VCID-teyt-6844-wyad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-linux_block_device@0.1.0-2%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/114399?format=json","purl":"pkg:rpm/redhat/rh-ruby22-rubygem-memory_buffer@0.1.0-2?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c39-ngdz-6khz"},{"vulnerability":"VCID-teyt-6844-wyad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-memory_buffer@0.1.0-2%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/114401?format=json","purl":"pkg:rpm/redhat/rh-ruby22-rubygem-net_app_manageability@0.1.0-3?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c39-ngdz-6khz"},{"vulnerability":"VCID-teyt-6844-wyad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-net_app_manageability@0.1.0-3%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/114407?format=json","purl":"pkg:rpm/redhat/rh-ruby22-rubygem-nokogiri@1.6.6.2-3?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c39-ngdz-6khz"},{"vulnerability":"VCID-teyt-6844-wyad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-nokogiri@1.6.6.2-3%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/114415?format=json","purl":"pkg:rpm/redhat/rh-ruby22-rubygem-pg@0.18.2-2?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c39-ngdz-6khz"},{"vulnerability":"VCID-teyt-6844-wyad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-pg@0.18.2-2%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/114419?format=json","purl":"pkg:rpm/redhat/rh-ruby22-rubygem-psych@2.0.13-4?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c39-ngdz-6khz"},{"vulnerability":"VCID-teyt-6844-wyad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-psych@2.0.13-4%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/116702?format=json","purl":"pkg:rpm/redhat/rh-ruby22-rubygem-puma@2.13.4-2?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c39-ngdz-6khz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-puma@2.13.4-2%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/116700?format=json","purl":"pkg:rpm/redhat/rh-ruby22-rubygem-redhat_access_cfme@0.0.7-1?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c39-ngdz-6khz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-redhat_access_cfme@0.0.7-1%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/114393?format=json","purl":"pkg:rpm/redhat/rh-ruby22-rubygem-redhat_access_lib@0.0.6-1?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c39-ngdz-6khz"},{"vulnerability":"VCID-teyt-6844-wyad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-redhat_access_lib@0.0.6-1%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/114400?format=json","purl":"pkg:rpm/redhat/rh-ruby22-rubygem-thin@1.6.3-2?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c39-ngdz-6khz"},{"vulnerability":"VCID-teyt-6844-wyad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-thin@1.6.3-2%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/114398?format=json","purl":"pkg:rpm/redhat/rh-ruby22-rubygem-unf_ext@0.0.7.1-3?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c39-ngdz-6khz"},{"vulnerability":"VCID-teyt-6844-wyad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby22-rubygem-unf_ext@0.0.7.1-3%3Farch=el7cf"},{"url":"http://public2.vulnerablecode.io/api/packages/114402?format=json","purl":"pkg:rpm/redhat/wmi@1.3.14-6?arch=el7cf","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c39-ngdz-6khz"},{"vulnerability":"VCID-teyt-6844-wyad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/wmi@1.3.14-6%3Farch=el7cf"}],"references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-2620.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-2620.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7502.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7502.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7502","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18894","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18794","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18985","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1912","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19172","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18889","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18967","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19021","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19028","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18982","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1893","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18885","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18897","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18909","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18798","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18778","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18734","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18613","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18698","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18801","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18762","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7502"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1283019","reference_id":"1283019","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1283019"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:cloudforms:3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:cloudforms:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.4.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:cloudforms_management_engine:5.4.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.4.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:cloudforms_management_engine:5.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7502","reference_id":"CVE-2015-7502","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7502"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2551","reference_id":"RHSA-2015:2551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2620","reference_id":"RHSA-2015:2620","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2620"}],"weaknesses":[{"cwe_id":522,"name":"Insufficiently Protected Credentials","description":"The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval."},{"cwe_id":200,"name":"Exposure of Sensitive Information to an Unauthorized Actor","description":"The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information."}],"exploits":[],"severity_range_score":"1.9 - 5.1","exploitability":"0.5","weighted_severity":"4.6","risk_score":2.3,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2c39-ngdz-6khz"}