Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with EVM-Operator group can perform actions restricted only to EVM-Super-administrator group, leads to, exporting or importing administrator files.
[
{
"product": "CloudForms",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.7 and 5"
}
]
}
]