Foreman upstream is affected by a remote code execution flaw that allows an authenticated attacker to perform a remote code execution attack. With this type of vulnerability, an attacker is able to run commands of their choosing with system-level privileges on a server that has the weakness, but this is only possible when the attacker has gained some high-level privileges on Foreman.
Upstream patch:
https://projects.theforeman.org/issues/32753
https://github.com/theforeman/foreman/pull/8599
This issue has been addressed in the following products:

  Red Hat Satellite 6.11 for RHEL 7
  Red Hat Satellite 6.11 for RHEL 8

Via RHSA-2022:5498 https://access.redhat.com/errata/RHSA-2022:5498
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3584