PT-2018-4118 · Red Hat · Red Hat CloudForms Management Engine

Published: 2018-01-11 · Updated: 2023-02-13 · CVE-2014-0087

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

ManageIQ (affected versions not specified)
Red Hat CloudForms Management Engine (CFME) (affected versions not specified)

Description

The issue allows remote authenticated users to bypass authorization and gain privileges. This is due to improper RBAC checking in the check_privileges method, specifically related to the rbac_user_edit action.

Recommendations

For ManageIQ, update the check_privileges method in vmdb/app/controllers/application_controller.rb to properly implement RBAC checking. For Red Hat CloudForms Management Engine (CFME), ensure that the check_privileges method is updated to prevent unauthorized privilege escalation. As a temporary workaround, consider restricting access to the rbac_user_edit action until a proper fix is applied.

Related Identifiers

CVE-2014-0087
RHSA-2015:0028

Affected Products

ManageIQ
Red Hat CloudForms Management Engine