A role-based privileges escalation flaw was found in Red Hat CloudForms where export or import of administrator files was possible. An attacker with EVM-Operator group can perform actions restricted only to system administrator. Refer CVE-2020-25716 for remaining RBAC group fixes.
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.