Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-6115

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2012-6115
Last Modified 19 Mar 2013 12:00:00
Published 12 Mar 2013 07:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-6115

Summary

The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file.

Vulnerable Systems

Application

  • Redhat Enterprise Virtualization Manager 2.1

  • Redhat Enterprise Virtualization Manager 2.2

  • Redhat Enterprise Virtualization Manager 2.2.3

  • Redhat Enterprise Virtualization Manager 3.0

  • Redhat Enterprise Virtualization Manager 3.1


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=893355

XF - enterprise-domain-tool-info-disc(81833)

SECTRACK - 1028076

BID - 57749

REDHAT - RHSA-2013:0211

CONFIRM - http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=commit;h=e8c72daec4efa8be0fcd8ea55c41e855ddd8eedf


Last Updated: 27 May 2016 11:02:04