PT-2020-7855 · Red Hat · Red Hat Enterprise Virtualization

Michal Skrivanek · Published 2020-02-25 · Updated 2023-02-13 · CVE-2015-5201

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions:
Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) versions 6-6.x through 6-6.7-20151117.0
Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) versions 7-7.x through 7-7.2-20151119.0
Red Hat Enterprise Virtualization versions prior to 3.5.6

Description: The issue allows remote attackers to log in without authentication via unspecified vectors when VDSM is run with -spice disable-ticketing and a VM is suspended and then restored.

Recommendations:
For Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) versions 6-6.x through 6-6.7-20151117.0, update to version 6-6.7-20151117.0 or later.
For Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) versions 7-7.x through 7-7.2-20151119.0, update to version 7-7.2-20151119.0 or later.
For Red Hat Enterprise Virtualization versions prior to 3.5.6, update to version 3.5.6 or later.
As a temporary workaround, consider avoiding the use of -spice disable-ticketing when running VDSM until a patch is available.

Fix

Weakness Enumeration: Missing Authentication

Related Identifiers: CVE-2015-5201

Affected Products:
Red Hat Enterprise Virtualization
Red Hat Enterprise Virtualization Hypervisor