Red Hat · Red Hat Enterprise Virtualization Manager · CVE-2016-6338
**Name of the Vulnerable Software and Affected Versions**
Red Hat Enterprise Virtualization Manager (RHEV-M) version 4.0
**Description**
The issue allows physically proximate attackers to bypass a webadmin session timeout restriction. This is achieved via vectors related to UI selections, which trigger repeating queries.
**Recommendations**
For RHEV-M version 4.0, consider implementing a custom session timeout mechanism to mitigate the risk of session bypass. As a temporary workaround, restrict access to the webadmin interface to minimize the risk of exploitation.