The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cloudforms_3.0_management_engine | Redhat | 5.2.1 | 5.2.1 |
Cloudforms_3.0_management_engine | Redhat | * | 5.2.3 |
Cloudforms_3.0_management_engine | Redhat | 5.2.2 | 5.2.2 |
Cloudforms_3.0_management_engine | Redhat | 5.2 | 5.2 |
CloudForms Management Engine 5.x | RedHat | cfme-0:5.2.3.2-1.el6cf | * |
CloudForms Management Engine 5.x | RedHat | postgresql92-postgresql-0:9.2.7-1.1.el6 | * |
CloudForms Management Engine 5.x | RedHat | prince-0:9.0r2-4.el6cf | * |
CloudForms Management Engine 5.x | RedHat | ruby193-rubygem-actionpack-1:3.2.13-6.el6cf | * |