CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges.
CPE | Name | Operator | Version |
---|---|---|---|
cloudforms | eq | 4.6 | |
cloudforms | eq | 4.2 | |
cloudforms_management_engine | ge | 5.8 | |
cloudforms_management_engine | lt | 5.8.1 | |
cloudforms_management_engine | lt | 5.7.3 |