A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access.Referenceshttps://access.redhat.com/errata/RHSA-2017:1601https://access.redhat.com/errata/RHSA-2017:1758https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7047http://www.securityfocus.com/bid/99329
