CVE-2016-7040

2016-10-07T14:59:00
ID CVE-2016-7040
Type cve
Reporter cve@mitre.org
Modified 2016-11-28T20:37:00

Description

Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections.