Red Hat Bugzilla – Bug 1465448
CVE-2017-7530 cfme: Execution of arbitrary methods through filter param
Last modified: 2017-08-02 15:12:15 EDT
It was found that a privilege check is missing when invoking, via filtering on VMs, arbitrary methods that MiqExpression will execute; this is triggerable by API users.
Name: Tim Wade (Red Hat)
This issue has been addressed in the following products:
CloudForms Management Engine 5.8
Via RHSA-2017:1758 https://access.redhat.com/errata/RHSA-2017:1758