cfme: Improper access control in dRuby allows local users to execute arbitrary commands as root

CloudForms Management Engine has a vulnerability that allows local users to execute arbitrary commands as root. An attacker with SSH access to the system can use the dRuby DRb module installed on the system to execute arbitrary shell commands using instanceeval...

PT-2014-2542 · Red Hat +1 · Red Hat Cloudforms +1

Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms 2.0 Management Engine CFME versions 5.1 and earlier ManageIQ Enterprise Virtualization Manager versions 5.0 and earlier Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This is...

2: miq_policy/explorer SQL injection

SQL injection vulnerability in the miqpolicy controller in Red Hat CloudForms 2.0 Management Engine CFME 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile parameter in an explorer action...