Aaron Patterson of Red Hat reports: If the REST API is going to support a filter, that should be converted to an ActiveRecord where clause - where it should be safer. In general, it would be good to understand why we offer SQL filters on the REST API because I do not think they should be exposed.
Acknowledgement: This issue was discovered by the Red Hat CloudForms Team.
This issue has been addressed in the following products: CloudForms Management Engine 5.3 Via RHSA-2015:0028 https://rhn.redhat.com/errata/RHSA-2015-0028.html