PT-2016-5960 · Red Hat · Red Hat Enterprise Virtualization Manager

Adam Mariš

Publicado

2016-12-14

Atualizado

2023-02-12

CVE-2016-4443

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Red Hat Enterprise Virtualization (RHEV) Manager version 3.6

Description The issue allows local users to access sensitive information, including encryption keys and certificates, by reading the engine-setup log file.

Recommendations For Red Hat Enterprise Virtualization (RHEV) Manager version 3.6, restrict access to the engine-setup log file to prevent unauthorized users from obtaining sensitive information.

Correção

Insertion into Log File

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-532

Identificadores relacionados

CVE-2016-4443

RHSA-2016:1929

Produtos afetados

Red Hat Enterprise Virtualization Manager

PT-2016-5960 · Red Hat · Red Hat Enterprise Virtualization Manager

CVE-2016-4443

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6