Cross site request forgery (csrf)

The backend in Red Hat Enterprise Virtualization Manager RHEV-M before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a 1 SOAP or 2 GWT request...