CloudForms Management Engine (cfme) prior to 5.7.3 and 5.8.x prior to 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat cloudforms management engine |
||
redhat cloudforms 4.6 |
||
redhat cloudforms 4.2 |