Arbitrary Shell Command Execution in Red Hat CloudForms Management Engine 4.1

Arbitrary Shell Command Execution in Red Hat CloudForms Management Engine 4.1

CVE-2016-7040 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections.

Learn more about our Web App Pen Testing.