PT-2017-8968 · Red Hat · Red Hat Enterprise Virtualization Manager
Greg Sheremeta
·
Published
2017-04-20
·
Updated
2023-02-12
·
CVE-2016-6338
CVSS v3.1
6.8
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Red Hat Enterprise Virtualization Manager (RHEV-M) version 4.0
Description
Certain selections in the webadmin UI start repeating background queries to the engine, and those queries count as session activity, so the webadmin session timeout restriction is never enforced: an abandoned but still logged-in session stays usable instead of expiring after the idle period. A physically proximate attacker who reaches such an unattended session (hence the AV:P vector) can therefore keep using it with the original user's privileges long after the timeout should have ended it.
Recommendations
Apply the vendor update that addresses CVE-2016-6338 for RHEV-M 4.0. Until it is installed: restrict network access to the webadmin interface to administrator workstations, require administrators to log out explicitly rather than relying on the idle timeout, and lock unattended workstations, since the attack requires access to an already-authenticated session. Any custom session-timeout mechanism used as an interim mitigation must count only user-initiated requests as activity; if the UI's own polling renews the idle timer, the mitigation is ineffective.
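The mechanism described above, and the distinction the recommendation turns on, as an added Python example that is not RHEV-M or oVirt code: a toy server-side session store in which the vulnerable configuration renews the idle timer on every request (including the UI's repeating refresh queries) and the hardened configuration renews it only on requests the client marks as user-initiated. The class names, the 30-minute idle limit, the 10-second poll interval, the 2-hour absence, and the `user_initiated` flag (standing in for a hypothetical request header such as `X-User-Initiated`) are all assumptions made for this demo, not values taken from the product.

```python
from dataclasses import dataclass

# Assumed idle limit for the demo; RHEV-M's actual default is not asserted here.
IDLE_TIMEOUT_SECONDS = 30 * 60


@dataclass
class Session:
    user: str
    last_activity: float  # timestamp of the last request that counted as activity


class SessionStore:
    """Server-side session table (hypothetical, for illustration only).

    count_background_polls=True reproduces the vulnerable behaviour: every
    request, including the UI's periodic refresh queries, renews the idle
    timer, so an abandoned webadmin tab never times out.
    count_background_polls=False is the hardened variant: only requests the
    client marks as user-initiated renew the timer.
    """

    def __init__(self, idle_timeout=IDLE_TIMEOUT_SECONDS, count_background_polls=True):
        self.idle_timeout = idle_timeout
        self.count_background_polls = count_background_polls
        self._sessions = {}

    def login(self, session_id, user, now):
        self._sessions[session_id] = Session(user=user, last_activity=now)

    def is_valid(self, session_id, now):
        """True if the session exists and has not exceeded the idle limit.
        Expired sessions are dropped on access."""
        s = self._sessions.get(session_id)
        if s is None:
            return False
        if now - s.last_activity > self.idle_timeout:
            del self._sessions[session_id]
            return False
        return True

    def handle_request(self, session_id, now, user_initiated):
        """Validate the session for one request and return True if it is served.

        user_initiated is assumed to be derived from the client, e.g. a
        hypothetical X-User-Initiated header the UI sets for clicks and
        keystrokes but not for its background refresh timer.
        """
        if not self.is_valid(session_id, now):
            return False
        if user_initiated or self.count_background_polls:
            self._sessions[session_id].last_activity = now
        return True


def simulate_abandoned_tab(count_background_polls, poll_interval=10, walk_away_seconds=2 * 3600):
    """Constructed scenario: an admin logs in at t=0 and walks away while the
    webadmin UI keeps polling every poll_interval seconds. Returns whether a
    person at the unattended workstation still gets a live session after
    walk_away_seconds (True = timeout bypassed)."""
    store = SessionStore(count_background_polls=count_background_polls)
    store.login("sid-1", "admin", now=0)
    t = 0
    while t < walk_away_seconds:
        t += poll_interval
        store.handle_request("sid-1", now=t, user_initiated=False)  # UI refresh query
    # The physically proximate attacker sits down and clicks something.
    return store.handle_request("sid-1", now=walk_away_seconds, user_initiated=True)


if __name__ == "__main__":
    print("vulnerable (polls renew timer):", simulate_abandoned_tab(True))   # True
    print("hardened  (only user activity):", simulate_abandoned_tab(False))  # False
```

The hardened variant still renews the timer on genuine activity, so interactive users are not logged out mid-task; only the engine-side accounting of what counts as activity changes.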
Weakness Enumeration
Improper Access Control (CWE-284)
Affected Products
Red Hat Enterprise Virtualization Manager