Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible.
CPE | Name | Operator | Version |
---|---|---|---|
cloudforms_management_engine | eq | 5.0 | |
cloudforms_management_engine | eq | 4.7 |