Red Hat · Cloudforms · CVE-2016-7071
**Name of the Vulnerable Software and Affected Versions**
CloudForms versions prior to 5.6.2.2
CloudForms versions prior to 5.7.0.7
**Description**
The issue is related to improper application of permissions controls to VM IDs passed by users. A remote, authenticated attacker could exploit this to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM.
**Recommendations**
For versions prior to 5.6.2.2, update to version 5.6.2.2 or later.
For versions prior to 5.7.0.7, update to version 5.7.0.7 or later.