A flaw was found in the CloudForms management engine which will trigger remote code execution through NFS schedule backup. An attacker could use this flaw to execute arbitrary shell commands on CloudForms server as root.
Acknowledgments: Name: Jaroslav Henner (Red Hat)
This issue has been addressed in the following products: CloudForms Management Engine 5.11 Via RHSA-2020:0588 https://access.redhat.com/errata/RHSA-2020:0588
This issue has been addressed in the following products: CloudForms Management Engine 5.10 Via RHSA-2020:0589 https://access.redhat.com/errata/RHSA-2020:0589
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-14894