It was found that Red Hat CloudForms exposed default routes that were reachable via HTTP(S) requests. An authenticated user could use this flaw to access potentially sensitive controllers and actions that would allow for privilege escalation.
This issue was discovered by Jan Rusnacko of Red Hat Product Security.
This issue has been addressed in the following products:
CloudForms Management Engine 5.3
Via RHSA-2014:1317 https://rhn.redhat.com/errata/RHSA-2014-1317.html