Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.
A privilege escalation flaw was discovered in CloudForms, where in certain situations, CloudForms could read encrypted data from the database and then write decrypted data back into the database. If the database was then exported or log files generated, a local attacker might be able to gain access to sensitive information. (CVE-2015-7502)
This update also fixes several bugs. Documentation for these changes is available in the Release Notes linked to in the References section.
All CFME users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.