Michal Skrivanek

Researcher from Red Hat
#49199 of 53,639
5 Total CVSS
Vulnerabilities · 1
PT-2020-7855
5.0
2020-02-25
Red Hat · Red Hat Enterprise Virtualization · CVE-2015-5201
Name of the Vulnerable Software and Affected Versions:
Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) versions 6-6.x through 6-6.7-20151117.0
Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) versions 7-7.x through 7-7.2-20151119.0
Red Hat Enterprise Virtualization versions prior to 3.5.6

Description:
The issue allows remote attackers to log in without authentication via unspecified vectors when VDSM is run with `-spice disable-ticketing` and a VM is suspended and then restored.

Recommendations:
For Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) versions 6-6.x through 6-6.7-20151117.0, update to version 6-6.7-20151117.0 or later.
For Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) versions 7-7.x through 7-7.2-20151119.0, update to version 7-7.2-20151119.0 or later.
For Red Hat Enterprise Virtualization versions prior to 3.5.6, update to version 3.5.6 or later.
As a temporary workaround, consider avoiding the use of `-spice disable-ticketing` when running VDSM until a patch is available.