The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cloudforms_3.0_management_engine | Redhat | * | 5.2.3 (including) |
Cloudforms_3.0_management_engine | Redhat | 5.2 (including) | 5.2 (including) |
Cloudforms_3.0_management_engine | Redhat | 5.2.1 (including) | 5.2.1 (including) |
Cloudforms_3.0_management_engine | Redhat | 5.2.2 (including) | 5.2.2 (including) |