cfme is vulnerable to privilege escalation attacks. The vulnerability exists because Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request.
rhn.redhat.com/errata/RHSA-2014-1317.html
access.redhat.com/documentation/en-US/CloudForms/3.1/html/Management_Engine_5.3_Release_Notes
access.redhat.com/documentation/en-US/CloudForms/3.1/html/Management_Engine_5.3_Technical_Notes
access.redhat.com/errata/RHSA-2014:1317
access.redhat.com/security/cve/CVE-2014-0140
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1077359