CVE-2020-25716

CVE-2020-25716 affects CloudForms (CFME) prior to version 5.11.10.1, enabling a role-based privilege escalation via export/import of administrator files by a user in a specific group. The flaw stems from an incomplete fix for CVE-2020-10783 and can compromise data confidentiality and integrity; t...

CVE-2020-14325

CVE-2020-14325 describes a vulnerability in Red Hat CloudForms prior to 5.11.7.0 where a User Impersonation/authorization flaw could let an attacker create or use an RBAC user (with groups/roles such as EvmGroup-super_administrator) and perform API requests as a super administrator. The related R...