Internally CFME uses AES-256-CBC encryption to encrypt important data before it is saved in the database. This encryption mode is vulnerable to padding oracle attack and CFME does allow attacker to submit forged ciphertexts for encryption and observe the result.
Acknowledgments: Name: Travis Scheponik (Red Hat)
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.