Hide Forgot
CloudForms version 5.11 and below are vulnerable to Cross Site Request Forgery attack which can force the user to perform state changing requests if the user is currently authenticated.
Acknowledgments: Name: Sruthi M (IBM), Purnachand Pulahari (IBM) Upstream: ManageIQ
This issue has been addressed in the following products: CloudForms Management Engine 5.11 Via RHSA-2020:4134 https://access.redhat.com/errata/RHSA-2020:4134
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-14369