PT-2016-6427 · Red Hat · Red Hat Enterprise Virtualization

Martin Prpič +1 · Published 2016-10-03 · Updated 2023-02-12 · CVE-2016-5432

CVSS v3.1: 3.3 (Low)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Red Hat Enterprise Virtualization (RHEV) Engine version 4.0

Description

Local users can obtain sensitive database provisioning information by reading log files, specifically those generated by the ovirt-engine-provisiondb utility.

Recommendations

For Red Hat Enterprise Virtualization (RHEV) Engine version 4.0, consider restricting access to log files generated by the ovirt-engine-provisiondb utility to minimize the risk of sensitive information disclosure.

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2016-5432
RHSA-2016:1967

Affected Products

Red Hat Enterprise Virtualization