CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cloudforms | Redhat | 4.2 (including) | 4.2 (including) |
Cloudforms | Redhat | 4.6 (including) | 4.6 (including) |
Cloudforms_management_engine | Redhat | * | 5.7.3 (excluding) |
Cloudforms_management_engine | Redhat | 5.8 (including) | 5.8.1 (excluding) |