Red Hat Bugzilla – Bug 1268785
CVE-2015-5294 cfme: internal DB password configuration allows arbitrary command execution
Last modified: 2015-12-09 11:46:39 EST
When configuring the CFME appliance with an internal database with a password, shell commands contained in the password may be executed.
This issue is not a security vulnerability as the database password would be controlled by the database admin, who can simply modify the database to cause arbitrary code execution anyway, so no trust boundary is violated.
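The behaviour described above, as an added Ruby illustration that is not code from CFME or from this bug report: a password interpolated into a command string is interpreted by the shell, while the same password passed as an argument vector, shell-escaped, or on stdin arrives unchanged. `printf` and `cat` are stand-ins for the database configuration command, whose actual invocation this page does not show; the function names and the sample password are constructed for the example.

```ruby
require "open3"
require "shellwords"

# Constructed sample password; the $(...) part is a shell command substitution.
SAMPLE_PASSWORD = 'pw$(echo INJECTED)'

# Problem pattern: the password is interpolated into a command string.
# Ruby passes a string containing shell metacharacters to /bin/sh -c, so the
# shell expands the substitution before the tool receives the password.
def configure_via_shell_string(password)
  out, _status = Open3.capture2("printf %s #{password}")
  out
end

# Hardened: argument vector. No shell is started, so the password is
# delivered to the program byte for byte.
def configure_via_argv(password)
  out, _status = Open3.capture2("printf", "%s", password)
  out
end

# Fallback when a shell string cannot be avoided: escape the value first.
def configure_via_escaped_string(password)
  out, _status = Open3.capture2("printf %s #{Shellwords.escape(password)}")
  out
end

# Alternative: send the password on stdin, which also keeps it out of the
# process argument list.
def configure_via_stdin(password)
  out, _status = Open3.capture2("cat", stdin_data: password)
  out
end

if __FILE__ == $PROGRAM_NAME
  {
    "shell string" => configure_via_shell_string(SAMPLE_PASSWORD),
    "argv"         => configure_via_argv(SAMPLE_PASSWORD),
    "escaped"      => configure_via_escaped_string(SAMPLE_PASSWORD),
    "stdin"        => configure_via_stdin(SAMPLE_PASSWORD)
  }.each { |label, received| puts format("%-12s tool received: %s", label, received) }
end
```

Only the first variant changes what the tool receives; the other three deliver the password exactly as entered.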