PT-2016-6427 · Red Hat · Red Hat Enterprise Virtualization
Martin Prpič · Published 2016-10-03 · Updated 2023-02-12
CVE-2016-5432
CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Red Hat Enterprise Virtualization (RHEV) Engine version 4.0
Description
The issue allows local users to obtain sensitive database provisioning information by reading log files generated by the ovirt-engine-provisiondb utility.
Recommendations
For Red Hat Enterprise Virtualization (RHEV) Engine version 4.0, consider restricting access to log files generated by the ovirt-engine-provisiondb utility to minimize the risk of sensitive information disclosure.
Fix
Insertion into Log File
Affected Products
Red Hat Enterprise Virtualization