CVE-2020-14324

Name of the Vulnerable Software and Affected Versions Red Hat CloudForms versions prior to 5.11.7.0

Description A high severity out of band OS command injection issue exists, allowing an authenticated attacker to execute arbitrary commands on the CloudForms server while setting up a conversion host through the Infrastructure Migration Solution. This is due to the lack of neutralization of special elements used in OS commands. The flaw can be exploited by a remote attacker.

Recommendations For versions prior to 5.11.7.0, update to version 5.11.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Infrastructure Migration Solution to minimize the risk of exploitation. Avoid using the vulnerable setup process for conversion hosts until the issue is resolved.