Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 2.7
CVE Id CVE-2012-2696
Last Modified 07 Jan 2013 10:15:40
Published 04 Jan 2013 05:55:01
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector ADJACENT_NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-2696

Summary

The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request.

Vulnerable Systems

Application

  • Red Hat Enterprise Virtualization Manager 2.1

  • Red Hat Enterprise Virtualization Manager 2.2

  • Red Hat Enterprise Virtualization Manager 2.2.3

  • Red Hat Enterprise Virtualization Manager 3.0


References

XF - enterprise-system-backend-sec-bypass(80545)

SECTRACK - 1027838

BID - 56825

REDHAT - RHSA-2012:1506


Last Updated: 27 May 2016 10:57:37