foreman does not properly restrict access to APIs. A remote attacker is able to access arbitrary hosts via an API request.
projects.theforeman.org/issues/2863
rhn.redhat.com/errata/RHSA-2013-1196.html
theforeman.org/manuals/1.2/index.html#Releasenotesfor1.2.2
access.redhat.com/documentation/en-US/Red_Hat_Satellite/
access.redhat.com/errata/RHEA-2014:1175
access.redhat.com/errata/RHSA-2013:1196
access.redhat.com/security/cve/CVE-2013-4182
access.redhat.com/site/documentation/
bugzilla.redhat.com/show_bug.cgi?id=990374