CloudForms version 5.11 and below are vulnerable to Cross Site Request Forgery attack which can force the user to perform state changing requests if the user is currently authenticated.
Name: Sruthi M (IBM), Purnachand Pulahari (IBM)
This issue has been addressed in the following products:
CloudForms Management Engine 5.11
Via RHSA-2020:4134 https://access.redhat.com/errata/RHSA-2020:4134
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):