PT-2016-5960 · Red Hat · Red Hat Enterprise Virtualization Manager
Adam Mariš
+1
·
Published
2016-12-14
·
Updated
2023-02-12
·
CVE-2016-4443
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Red Hat Enterprise Virtualization (RHEV) Manager version 3.6
Description
The issue allows local users to access sensitive information, including encryption keys and certificates, by reading the engine-setup log file.
Recommendations
For Red Hat Enterprise Virtualization (RHEV) Manager version 3.6, restrict access to the engine-setup log file to prevent unauthorized users from obtaining sensitive information.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat Enterprise Virtualization Manager