PT-2017-8492 · Red Hat+1 · Subscription-Manager+2

Cedric Buissart

Published

2016-11-03

Updated

2023-02-12

CVE-2016-4455

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Subscription Manager versions prior to 1.17.7-1

Description The issue concerns weak permissions set for cache directories in the Subscription Manager package, allowing local users to access sensitive information by reading files in these directories.

Recommendations For versions prior to 1.17.7-1, update to version 1.17.7-1 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CESA-2016_2592

CVE-2016-4455

RHSA-2016:2592

RHSA-2016_2592

RHSA-2017:0698

RHSA-2017_0698

Affected Products

Centos

Red Hat

Subscription-Manager

PT-2017-8492 · Red Hat+1 · Subscription-Manager+2

CVE-2016-4455

Weakness Enumeration

Related Identifiers

Affected Products

References · 23