In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior.
The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cloudforms | Redhat | 4.7 (including) | 4.7 (including) |
Cloudforms | Redhat | 5.0.0 (including) | 5.0.0 (including) |