Jiri Belka

**Name of the Vulnerable Software and Affected Versions** oVirt Engine versions prior to 4.0 **Description** The issue concerns the disclosure of sensitive information, specifically the ENGINE HTTPS PKI TRUST STORE PASSWORD, which is logged in the /var/log/ovirt-engine/engine.log file. This affects oVirt Engine in RHEV before version 4.0. **Recommendations** For versions prior to 4.0, update to version 4.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) version 3.2 **Description** The issue allows local users to gain privileges via a Trojan horse application due to an unquoted Windows search path vulnerability in the rhev-guest-tools-iso package. **Recommendations** For version 3.2, update the rhev-guest-tools-iso package to a version that quotes the Windows search path to prevent exploitation.