cve-2016-4443
Vulnerability from cvelistv5
Published
2016-12-14 18:00
Modified
2024-08-06 00:32
Summary
Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.
References
Source | URL | Tags
---|---|---
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2016-1929.html | Mitigation, Patch, Vendor Advisory
secalert@redhat.com | http://www.securityfocus.com/bid/92751 | Third Party Advisory, VDB Entry
secalert@redhat.com | http://www.securitytracker.com/id/1036863 | Third Party Advisory, VDB Entry
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1335106 | Issue Tracking, VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-1929.html | Mitigation, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92751 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036863 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1335106 | Issue Tracking, VDB Entry, Vendor Advisory
rhsa-2016:1929
Vulnerability from csaf_redhat
Published
2016-09-21 17:57
Modified
2024-11-14 19:57
Summary
Red Hat Security Advisory: Red Hat Virtualization Manager (RHV) bug fix 3.6.9
Notes
Topic
An update for org.ovirt.engine-root is now available for RHEV Manager version 3.6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Red Hat Virtualization Manager is a centralized management platform
that allows system administrators to view and manage virtual machines. The
Manager provides a comprehensive range of features including search
capabilities, resource management, live migrations, and virtual
infrastructure provisioning.
The Manager is a JBoss Application Server application that provides several
interfaces through which the virtual environment can be accessed and
interacted with, including an Administration Portal, a User Portal, and a
Representational State Transfer (REST) Application Programming Interface
(API).
Security Fix(es):
* A flaw was found in RHEV Manager, where it wrote sensitive data to the engine-setup log file. A local attacker could exploit this flaw to view sensitive information such as encryption keys and certificates (which could then be used to steal other sensitive information such as passwords). (CVE-2016-4443)
This issue was discovered by Simone Tiraboschi (Red Hat).
Bug Fix(es):
* With this update, users are now warned to set the system in global maintenance mode before running the engine-setup command. This is because data corruption may occur if the engine-setup command is run without setting the system into global maintenance mode. This update means that the user is warned and the setup will be aborted if the system is not in global maintenance mode and the engine is running in the hosted engine configuration. (BZ#1359844)
* Previously, the update of the compatibility version of a cluster with many running virtual machines that are installed with the guest-agent caused a deadlock that caused the update to fail. In some cases, these clusters could not be upgraded to a newer compatibility version. Now, the deadlock in the database has been prevented so that a cluster with many running virtual machines that are installed with the guest-agent can be upgraded to a newer compatibility version. (BZ#1369415)
* Previously, a virtual machine with a null CPU profile id stored in the database caused an NPE when editing the virtual machine. Now, a virtual machine with a null CPU profile id stored in the database is correctly handled and the virtual machine can be edited. (BZ#1373090)
* Setting only one of the thresholds for power saving/evenly distributed memory based balancing (high or low) can lead to unexpected results. For example, when in power saving load balancing the threshold for memory over utilized hosts was set with a value, and the threshold for memory under utilized hosts was undefined thus getting a default value of 0. All hosts were considered as under utilized hosts and were chosen as sources for migration, but no host was chosen as a destination for migration.
This has now been changed so that when the threshold for memory under utilized host is undefined, it gets a default value of Long.MAX. Now, when the threshold for memory over utilized hosts is set with a value, and the threshold for memory under utilized host is undefined, only over utilized hosts will be selected as sources for migration, and destination hosts will be hosts that are not over utilized. (BZ#1359767)
* Previously, recently added logs that printed the number of virtual machines running on a host were excessively written to the log file. Now, the frequency of these logs has been reduced by printing them only upon a change in the number of virtual machines running on the host. (BZ#1367519)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for org.ovirt.engine-root is now available for RHEV Manager version 3.6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The Red Hat Virtualization Manager is a centralized management platform \nthat allows system administrators to view and manage virtual machines. The \nManager provides a comprehensive range of features including search \ncapabilities, resource management, live migrations, and virtual \ninfrastructure provisioning.\n \nThe Manager is a JBoss Application Server application that provides several\ninterfaces through which the virtual environment can be accessed and \ninteracted with, including an Administration Portal, a User Portal, and a \nRepresentational State Transfer (REST) Application Programming Interface \n(API).\n\nSecurity Fix(es):\n\n* A flaw was found in RHEV Manager, where it wrote sensitive data to the engine-setup log file. A local attacker could exploit this flaw to view sensitive information such as encryption keys and certificates (which could then be used to steal other sensitive information such as passwords). (CVE-2016-4443)\n\nThis issue was discovered by Simone Tiraboschi (Red Hat).\n\nBug Fix(es):\n\n* With this update, users are now warned to set the system in global maintenance mode before running the engine-setup command. 
This is because data corruption may occur if the engine-setup command is run without setting the system into global maintenance mode. This update means that the user is warned and the setup will be aborted if the system is not in global maintenance mode and the engine is running in the hosted engine configuration. (BZ#1359844)\n\n* Previously, the update of the compatibility version of a cluster with many running virtual machines that are installed with the guest-agent caused a deadlock that caused the update to fail. In some cases, these clusters could not be upgraded to a newer compatibility version. Now, the deadlock in the database has been prevented so that a cluster with many running virtual machines that are installed with the guest-agent can be upgraded to newer compatibility version. (BZ#1369415)\n\n* Previously, a virtual machine with a null CPU profile id stored in the database caused a NPE when editing the virtual machine. Now, a virtual machine with a null CPU profile id stored in the database is correctly handled and the virtual machine can be edited. (BZ#1373090)\n\n* Setting only one of the thresholds for power saving/evenly distributed memory based balancing (high or low) can lead to unexpected results. For example, when in power saving load balancing the threshold for memory over utilized hosts was set with a value, and the threshold for memory under utilized hosts was undefined thus getting a default value of 0. All hosts were considered as under utilized hosts and were chosen as sources for migration, but no host was chosen as a destination for migration.\n\nThis has now been changed so that when the threshold for memory under utilized host is undefined, it gets a default value of Long.MAX. 
Now, when the threshold for memory over utilized hosts is set with a value, and the threshold for memory under utilized host is undefined, only over utilized hosts will be selected as sources for migration, and destination hosts will be hosts that are not over utilized. (BZ#1359767)\n\n* Previously, recently added logs that printed the amount of virtual machines running on a host were excessively written to the log file. Now, the frequency of these log have been reduced by printing them only upon a change in the number of virtual machines running on the host. (BZ#1367519)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2016:1929", url: "https://access.redhat.com/errata/RHSA-2016:1929", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "1335106", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1335106", }, { category: "external", summary: "1346754", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1346754", }, { category: "external", summary: "1349345", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1349345", }, { category: "external", summary: "1352462", url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=1352462", }, { category: "external", summary: "1356127", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1356127", }, { category: "external", summary: "1356483", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1356483", }, { category: "external", summary: "1358286", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1358286", }, { category: "external", summary: "1359767", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1359767", }, { category: "external", summary: "1359844", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1359844", }, { category: "external", summary: "1360775", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1360775", }, { category: "external", summary: "1361500", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1361500", }, { category: "external", summary: "1362001", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1362001", }, { category: "external", summary: "1367519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1367519", }, { category: "external", summary: "1369415", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1369415", }, { category: "external", summary: "1369695", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1369695", }, { category: "external", summary: "1372812", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1372812", }, { category: "external", summary: "1373090", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1373090", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1929.json", }, ], title: "Red Hat Security Advisory: Red Hat Virtualization Manager (RHV) bug fix 3.6.9", tracking: { current_release_date: "2024-11-14T19:57:34+00:00", generator: { date: "2024-11-14T19:57:34+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2016:1929", initial_release_date: "2016-09-21T17:57:10+00:00", revision_history: [ { date: "2016-09-21T17:57:10+00:00", number: "1", 
summary: "Initial version", }, { date: "2016-09-21T17:57:10+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T19:57:34+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHEV-M 3.6", product: { name: "RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6", product_identification_helper: { cpe: "cpe:/a:redhat:rhev_manager:3", }, }, }, ], category: "product_family", name: "Red Hat Virtualization", }, { branches: [ { category: "product_version", name: "rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-extensions-api-impl@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-backend-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-backend-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-backend-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-backend@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-setup-plugin-websocket-proxy@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-setup-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-setup-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-setup-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-setup@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", product: { 
name: "rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-userportal-debuginfo@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-webadmin-portal-debuginfo@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-setup-base@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-extensions-api-impl-javadoc@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-setup-plugin-vmconsole-proxy-helper@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { 
category: "product_version", name: "rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-vmconsole-proxy-helper@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-tools-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-tools-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-tools-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-tools@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-dbscripts@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-setup-plugin-ovirt-engine-common@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-webadmin-portal@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-restapi@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { 
category: "product_version", name: "rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-websocket-proxy@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-tools-backup@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-setup-plugin-ovirt-engine@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-lib-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-lib-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-lib-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-lib@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-userportal@3.6.9.2-0.1.el6?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "rhevm-0:3.6.9.2-0.1.el6.src", product: { name: "rhevm-0:3.6.9.2-0.1.el6.src", product_id: "rhevm-0:3.6.9.2-0.1.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm@3.6.9.2-0.1.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: 
"vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rhevm-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-0:3.6.9.2-0.1.el6.src as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.src", }, product_reference: "rhevm-0:3.6.9.2-0.1.el6.src", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-backend-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-backend-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-backend-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", 
relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-lib-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-lib-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-lib-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-restapi-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-setup-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-setup-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-setup-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", }, 
product_reference: "rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-tools-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-tools-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-tools-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-userportal-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: 
"rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Simone Tiraboschi", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2016-4443", cwe: { id: "CWE-532", name: "Insertion of Sensitive 
Information into Log File", }, discovery_date: "2016-05-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1335106", }, ], notes: [ { category: "description", text: "A flaw was found in RHEV Manager, where it wrote sensitive data to the engine-setup log file. A local attacker could exploit this flaw to view sensitive information such as encryption keys and certificates (which could then be used to steal other sensitive information such as passwords).", title: "Vulnerability description", }, { category: "summary", text: "org.ovirt.engine-root: engine-setup logs contained information for extracting admin password", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.src", "6Server-RHEV-S-3.6:rhevm-backend-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-lib-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-tools-0:3.6.9.2-0.1.el6.noarch", 
"6Server-RHEV-S-3.6:rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-4443", }, { category: "external", summary: "RHBZ#1335106", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1335106", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-4443", url: "https://www.cve.org/CVERecord?id=CVE-2016-4443", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-4443", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4443", }, ], release_date: "2016-09-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-09-21T17:57:10+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.src", "6Server-RHEV-S-3.6:rhevm-backend-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-lib-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", 
"6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-tools-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1929", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.9, confidentialityImpact: "COMPLETE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:C/I:N/A:N", version: "2.0", }, products: [ "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.src", "6Server-RHEV-S-3.6:rhevm-backend-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-lib-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", 
"6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-tools-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "org.ovirt.engine-root: engine-setup logs contained information for extracting admin password", }, ], }
rhsa-2016_1929
Vulnerability from csaf_redhat
Published
2016-09-21 17:57
Modified
2024-11-14 19:57
Summary
Red Hat Security Advisory: Red Hat Virtualization Manager (RHV) bug fix 3.6.9
Notes
Topic
An update for org.ovirt.engine-root is now available for RHEV Manager version 3.6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Red Hat Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a User Portal, and a Representational State Transfer (REST) Application Programming Interface (API).
Security Fix(es):
* A flaw was found in RHEV Manager, where it wrote sensitive data to the engine-setup log file. A local attacker could exploit this flaw to view sensitive information such as encryption keys and certificates (which could then be used to steal other sensitive information such as passwords). (CVE-2016-4443)
This issue was discovered by Simone Tiraboschi (Red Hat).
Bug Fix(es):
* With this update, users are now warned to set the system in global maintenance mode before running the engine-setup command. This is because data corruption may occur if the engine-setup command is run without setting the system into global maintenance mode. This update means that the user is warned and the setup will be aborted if the system is not in global maintenance mode and the engine is running in the hosted engine configuration. (BZ#1359844)
* Previously, the update of the compatibility version of a cluster with many running virtual machines that are installed with the guest-agent caused a deadlock that caused the update to fail. In some cases, these clusters could not be upgraded to a newer compatibility version. Now, the deadlock in the database has been prevented so that a cluster with many running virtual machines that are installed with the guest-agent can be upgraded to a newer compatibility version. (BZ#1369415)
* Previously, a virtual machine with a null CPU profile id stored in the database caused an NPE when editing the virtual machine. Now, a virtual machine with a null CPU profile id stored in the database is correctly handled and the virtual machine can be edited. (BZ#1373090)
* Setting only one of the thresholds for power saving/evenly distributed memory based balancing (high or low) can lead to unexpected results. For example, when in power saving load balancing the threshold for memory over utilized hosts was set with a value, and the threshold for memory under utilized hosts was undefined thus getting a default value of 0. All hosts were considered as under utilized hosts and were chosen as sources for migration, but no host was chosen as a destination for migration.
This has now been changed so that when the threshold for memory under utilized host is undefined, it gets a default value of Long.MAX. Now, when the threshold for memory over utilized hosts is set with a value, and the threshold for memory under utilized host is undefined, only over utilized hosts will be selected as sources for migration, and destination hosts will be hosts that are not over utilized. (BZ#1359767)
* Previously, recently added logs that printed the number of virtual machines running on a host were excessively written to the log file. Now, the frequency of these logs has been reduced by printing them only upon a change in the number of virtual machines running on the host. (BZ#1367519)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for org.ovirt.engine-root is now available for RHEV Manager version 3.6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The Red Hat Virtualization Manager is a centralized management platform \nthat allows system administrators to view and manage virtual machines. The \nManager provides a comprehensive range of features including search \ncapabilities, resource management, live migrations, and virtual \ninfrastructure provisioning.\n \nThe Manager is a JBoss Application Server application that provides several\ninterfaces through which the virtual environment can be accessed and \ninteracted with, including an Administration Portal, a User Portal, and a \nRepresentational State Transfer (REST) Application Programming Interface \n(API).\n\nSecurity Fix(es):\n\n* A flaw was found in RHEV Manager, where it wrote sensitive data to the engine-setup log file. A local attacker could exploit this flaw to view sensitive information such as encryption keys and certificates (which could then be used to steal other sensitive information such as passwords). (CVE-2016-4443)\n\nThis issue was discovered by Simone Tiraboschi (Red Hat).\n\nBug Fix(es):\n\n* With this update, users are now warned to set the system in global maintenance mode before running the engine-setup command. 
This is because data corruption may occur if the engine-setup command is run without setting the system into global maintenance mode. This update means that the user is warned and the setup will be aborted if the system is not in global maintenance mode and the engine is running in the hosted engine configuration. (BZ#1359844)\n\n* Previously, the update of the compatibility version of a cluster with many running virtual machines that are installed with the guest-agent caused a deadlock that caused the update to fail. In some cases, these clusters could not be upgraded to a newer compatibility version. Now, the deadlock in the database has been prevented so that a cluster with many running virtual machines that are installed with the guest-agent can be upgraded to newer compatibility version. (BZ#1369415)\n\n* Previously, a virtual machine with a null CPU profile id stored in the database caused a NPE when editing the virtual machine. Now, a virtual machine with a null CPU profile id stored in the database is correctly handled and the virtual machine can be edited. (BZ#1373090)\n\n* Setting only one of the thresholds for power saving/evenly distributed memory based balancing (high or low) can lead to unexpected results. For example, when in power saving load balancing the threshold for memory over utilized hosts was set with a value, and the threshold for memory under utilized hosts was undefined thus getting a default value of 0. All hosts were considered as under utilized hosts and were chosen as sources for migration, but no host was chosen as a destination for migration.\n\nThis has now been changed so that when the threshold for memory under utilized host is undefined, it gets a default value of Long.MAX. 
Now, when the threshold for memory over utilized hosts is set with a value, and the threshold for memory under utilized host is undefined, only over utilized hosts will be selected as sources for migration, and destination hosts will be hosts that are not over utilized. (BZ#1359767)\n\n* Previously, recently added logs that printed the amount of virtual machines running on a host were excessively written to the log file. Now, the frequency of these log have been reduced by printing them only upon a change in the number of virtual machines running on the host. (BZ#1367519)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2016:1929", url: "https://access.redhat.com/errata/RHSA-2016:1929", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "1335106", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1335106", }, { category: "external", summary: "1346754", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1346754", }, { category: "external", summary: "1349345", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1349345", }, { category: "external", summary: "1352462", url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=1352462", }, { category: "external", summary: "1356127", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1356127", }, { category: "external", summary: "1356483", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1356483", }, { category: "external", summary: "1358286", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1358286", }, { category: "external", summary: "1359767", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1359767", }, { category: "external", summary: "1359844", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1359844", }, { category: "external", summary: "1360775", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1360775", }, { category: "external", summary: "1361500", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1361500", }, { category: "external", summary: "1362001", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1362001", }, { category: "external", summary: "1367519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1367519", }, { category: "external", summary: "1369415", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1369415", }, { category: "external", summary: "1369695", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1369695", }, { category: "external", summary: "1372812", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1372812", }, { category: "external", summary: "1373090", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1373090", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1929.json", }, ], title: "Red Hat Security Advisory: Red Hat Virtualization Manager (RHV) bug fix 3.6.9", tracking: { current_release_date: "2024-11-14T19:57:34+00:00", generator: { date: "2024-11-14T19:57:34+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2016:1929", initial_release_date: "2016-09-21T17:57:10+00:00", revision_history: [ { date: "2016-09-21T17:57:10+00:00", number: "1", 
summary: "Initial version", }, { date: "2016-09-21T17:57:10+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T19:57:34+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHEV-M 3.6", product: { name: "RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6", product_identification_helper: { cpe: "cpe:/a:redhat:rhev_manager:3", }, }, }, ], category: "product_family", name: "Red Hat Virtualization", }, { branches: [ { category: "product_version", name: "rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-extensions-api-impl@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-backend-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-backend-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-backend-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-backend@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-setup-plugin-websocket-proxy@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-setup-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-setup-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-setup-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-setup@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", product: { 
name: "rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-userportal-debuginfo@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-webadmin-portal-debuginfo@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-setup-base@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-extensions-api-impl-javadoc@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-setup-plugin-vmconsole-proxy-helper@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { 
category: "product_version", name: "rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-vmconsole-proxy-helper@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-tools-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-tools-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-tools-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-tools@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-dbscripts@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-setup-plugin-ovirt-engine-common@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-webadmin-portal@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-restapi@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { 
category: "product_version", name: "rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-websocket-proxy@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-tools-backup@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-setup-plugin-ovirt-engine@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-lib-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-lib-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-lib-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-lib@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-userportal@3.6.9.2-0.1.el6?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "rhevm-0:3.6.9.2-0.1.el6.src", product: { name: "rhevm-0:3.6.9.2-0.1.el6.src", product_id: "rhevm-0:3.6.9.2-0.1.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm@3.6.9.2-0.1.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: 
"vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rhevm-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-0:3.6.9.2-0.1.el6.src as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.src", }, product_reference: "rhevm-0:3.6.9.2-0.1.el6.src", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-backend-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-backend-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-backend-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", 
relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-lib-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-lib-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-lib-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-restapi-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-setup-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-setup-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-setup-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", }, 
product_reference: "rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-tools-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-tools-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-tools-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-userportal-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: 
"rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Simone Tiraboschi", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2016-4443", cwe: { id: "CWE-532", name: "Insertion of Sensitive 
Information into Log File", }, discovery_date: "2016-05-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1335106", }, ], notes: [ { category: "description", text: "A flaw was found in RHEV Manager, where it wrote sensitive data to the engine-setup log file. A local attacker could exploit this flaw to view sensitive information such as encryption keys and certificates (which could then be used to steal other sensitive information such as passwords).", title: "Vulnerability description", }, { category: "summary", text: "org.ovirt.engine-root: engine-setup logs contained information for extracting admin password", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.src", "6Server-RHEV-S-3.6:rhevm-backend-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-lib-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-tools-0:3.6.9.2-0.1.el6.noarch", 
"6Server-RHEV-S-3.6:rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-4443", }, { category: "external", summary: "RHBZ#1335106", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1335106", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-4443", url: "https://www.cve.org/CVERecord?id=CVE-2016-4443", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-4443", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4443", }, ], release_date: "2016-09-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-09-21T17:57:10+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.src", "6Server-RHEV-S-3.6:rhevm-backend-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-lib-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", 
"6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-tools-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1929", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.9, confidentialityImpact: "COMPLETE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:C/I:N/A:N", version: "2.0", }, products: [ "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.src", "6Server-RHEV-S-3.6:rhevm-backend-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-lib-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", 
"6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-tools-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "org.ovirt.engine-root: engine-setup logs contained information for extracting admin password", }, ], }
RHSA-2016:1929
Vulnerability from csaf_redhat
Published
2016-09-21 17:57
Modified
2024-11-14 19:57
Summary
Red Hat Security Advisory: Red Hat Virtualization Manager (RHV) bug fix 3.6.9
Notes
Topic
An update for org.ovirt.engine-root is now available for RHEV Manager version 3.6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Red Hat Virtualization Manager is a centralized management platform
that allows system administrators to view and manage virtual machines. The
Manager provides a comprehensive range of features including search
capabilities, resource management, live migrations, and virtual
infrastructure provisioning.
The Manager is a JBoss Application Server application that provides several
interfaces through which the virtual environment can be accessed and
interacted with, including an Administration Portal, a User Portal, and a
Representational State Transfer (REST) Application Programming Interface
(API).
Security Fix(es):
* A flaw was found in RHEV Manager, where it wrote sensitive data to the engine-setup log file. A local attacker could exploit this flaw to view sensitive information such as encryption keys and certificates (which could then be used to steal other sensitive information such as passwords). (CVE-2016-4443)
This issue was discovered by Simone Tiraboschi (Red Hat).
Bug Fix(es):
* With this update, users are now warned to set the system in global maintenance mode before running the engine-setup command. This is because data corruption may occur if the engine-setup command is run without setting the system into global maintenance mode. This update means that the user is warned and the setup will be aborted if the system is not in global maintenance mode and the engine is running in the hosted engine configuration. (BZ#1359844)
* Previously, the update of the compatibility version of a cluster with many running virtual machines that are installed with the guest-agent caused a deadlock that caused the update to fail. In some cases, these clusters could not be upgraded to a newer compatibility version. Now, the deadlock in the database has been prevented so that a cluster with many running virtual machines that are installed with the guest-agent can be upgraded to a newer compatibility version. (BZ#1369415)
* Previously, a virtual machine with a null CPU profile id stored in the database caused an NPE when editing the virtual machine. Now, a virtual machine with a null CPU profile id stored in the database is correctly handled and the virtual machine can be edited. (BZ#1373090)
* Setting only one of the thresholds for power saving/evenly distributed memory based balancing (high or low) can lead to unexpected results. For example, when in power saving load balancing the threshold for memory over utilized hosts was set with a value, and the threshold for memory under utilized hosts was undefined thus getting a default value of 0. All hosts were considered as under utilized hosts and were chosen as sources for migration, but no host was chosen as a destination for migration.
This has now been changed so that when the threshold for memory under utilized host is undefined, it gets a default value of Long.MAX. Now, when the threshold for memory over utilized hosts is set with a value, and the threshold for memory under utilized host is undefined, only over utilized hosts will be selected as sources for migration, and destination hosts will be hosts that are not over utilized. (BZ#1359767)
* Previously, recently added logs that printed the number of virtual machines running on a host were excessively written to the log file. Now, the frequency of these logs has been reduced by printing them only upon a change in the number of virtual machines running on the host. (BZ#1367519)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for org.ovirt.engine-root is now available for RHEV Manager version 3.6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The Red Hat Virtualization Manager is a centralized management platform \nthat allows system administrators to view and manage virtual machines. The \nManager provides a comprehensive range of features including search \ncapabilities, resource management, live migrations, and virtual \ninfrastructure provisioning.\n \nThe Manager is a JBoss Application Server application that provides several\ninterfaces through which the virtual environment can be accessed and \ninteracted with, including an Administration Portal, a User Portal, and a \nRepresentational State Transfer (REST) Application Programming Interface \n(API).\n\nSecurity Fix(es):\n\n* A flaw was found in RHEV Manager, where it wrote sensitive data to the engine-setup log file. A local attacker could exploit this flaw to view sensitive information such as encryption keys and certificates (which could then be used to steal other sensitive information such as passwords). (CVE-2016-4443)\n\nThis issue was discovered by Simone Tiraboschi (Red Hat).\n\nBug Fix(es):\n\n* With this update, users are now warned to set the system in global maintenance mode before running the engine-setup command. 
This is because data corruption may occur if the engine-setup command is run without setting the system into global maintenance mode. This update means that the user is warned and the setup will be aborted if the system is not in global maintenance mode and the engine is running in the hosted engine configuration. (BZ#1359844)\n\n* Previously, the update of the compatibility version of a cluster with many running virtual machines that are installed with the guest-agent caused a deadlock that caused the update to fail. In some cases, these clusters could not be upgraded to a newer compatibility version. Now, the deadlock in the database has been prevented so that a cluster with many running virtual machines that are installed with the guest-agent can be upgraded to newer compatibility version. (BZ#1369415)\n\n* Previously, a virtual machine with a null CPU profile id stored in the database caused a NPE when editing the virtual machine. Now, a virtual machine with a null CPU profile id stored in the database is correctly handled and the virtual machine can be edited. (BZ#1373090)\n\n* Setting only one of the thresholds for power saving/evenly distributed memory based balancing (high or low) can lead to unexpected results. For example, when in power saving load balancing the threshold for memory over utilized hosts was set with a value, and the threshold for memory under utilized hosts was undefined thus getting a default value of 0. All hosts were considered as under utilized hosts and were chosen as sources for migration, but no host was chosen as a destination for migration.\n\nThis has now been changed so that when the threshold for memory under utilized host is undefined, it gets a default value of Long.MAX. 
Now, when the threshold for memory over utilized hosts is set with a value, and the threshold for memory under utilized host is undefined, only over utilized hosts will be selected as sources for migration, and destination hosts will be hosts that are not over utilized. (BZ#1359767)\n\n* Previously, recently added logs that printed the amount of virtual machines running on a host were excessively written to the log file. Now, the frequency of these log have been reduced by printing them only upon a change in the number of virtual machines running on the host. (BZ#1367519)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2016:1929", url: "https://access.redhat.com/errata/RHSA-2016:1929", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "1335106", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1335106", }, { category: "external", summary: "1346754", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1346754", }, { category: "external", summary: "1349345", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1349345", }, { category: "external", summary: "1352462", url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=1352462", }, { category: "external", summary: "1356127", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1356127", }, { category: "external", summary: "1356483", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1356483", }, { category: "external", summary: "1358286", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1358286", }, { category: "external", summary: "1359767", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1359767", }, { category: "external", summary: "1359844", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1359844", }, { category: "external", summary: "1360775", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1360775", }, { category: "external", summary: "1361500", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1361500", }, { category: "external", summary: "1362001", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1362001", }, { category: "external", summary: "1367519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1367519", }, { category: "external", summary: "1369415", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1369415", }, { category: "external", summary: "1369695", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1369695", }, { category: "external", summary: "1372812", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1372812", }, { category: "external", summary: "1373090", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1373090", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1929.json", }, ], title: "Red Hat Security Advisory: Red Hat Virtualization Manager (RHV) bug fix 3.6.9", tracking: { current_release_date: "2024-11-14T19:57:34+00:00", generator: { date: "2024-11-14T19:57:34+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2016:1929", initial_release_date: "2016-09-21T17:57:10+00:00", revision_history: [ { date: "2016-09-21T17:57:10+00:00", number: "1", 
summary: "Initial version", }, { date: "2016-09-21T17:57:10+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T19:57:34+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHEV-M 3.6", product: { name: "RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6", product_identification_helper: { cpe: "cpe:/a:redhat:rhev_manager:3", }, }, }, ], category: "product_family", name: "Red Hat Virtualization", }, { branches: [ { category: "product_version", name: "rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-extensions-api-impl@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-backend-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-backend-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-backend-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-backend@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-setup-plugin-websocket-proxy@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-setup-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-setup-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-setup-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-setup@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", product: { 
name: "rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-userportal-debuginfo@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-webadmin-portal-debuginfo@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-setup-base@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-extensions-api-impl-javadoc@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-setup-plugin-vmconsole-proxy-helper@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { 
category: "product_version", name: "rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-vmconsole-proxy-helper@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-tools-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-tools-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-tools-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-tools@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-dbscripts@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-setup-plugin-ovirt-engine-common@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-webadmin-portal@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-restapi@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { 
category: "product_version", name: "rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-websocket-proxy@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-tools-backup@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-setup-plugin-ovirt-engine@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-lib-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-lib-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-lib-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-lib@3.6.9.2-0.1.el6?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", product: { name: "rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", product_id: "rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm-userportal@3.6.9.2-0.1.el6?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "rhevm-0:3.6.9.2-0.1.el6.src", product: { name: "rhevm-0:3.6.9.2-0.1.el6.src", product_id: "rhevm-0:3.6.9.2-0.1.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm@3.6.9.2-0.1.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: 
"vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rhevm-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-0:3.6.9.2-0.1.el6.src as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.src", }, product_reference: "rhevm-0:3.6.9.2-0.1.el6.src", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-backend-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-backend-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-backend-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", 
relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-lib-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-lib-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-lib-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-restapi-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-setup-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-setup-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-setup-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", }, 
product_reference: "rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-tools-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-tools-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-tools-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-userportal-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: 
"rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, { category: "default_component_of", full_product_name: { name: "rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch as a component of RHEV-M 3.6", product_id: "6Server-RHEV-S-3.6:rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", }, product_reference: "rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", relates_to_product_reference: "6Server-RHEV-S-3.6", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Simone Tiraboschi", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2016-4443", cwe: { id: "CWE-532", name: "Insertion of Sensitive 
Information into Log File", }, discovery_date: "2016-05-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1335106", }, ], notes: [ { category: "description", text: "A flaw was found in RHEV Manager, where it wrote sensitive data to the engine-setup log file. A local attacker could exploit this flaw to view sensitive information such as encryption keys and certificates (which could then be used to steal other sensitive information such as passwords).", title: "Vulnerability description", }, { category: "summary", text: "org.ovirt.engine-root: engine-setup logs contained information for extracting admin password", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.src", "6Server-RHEV-S-3.6:rhevm-backend-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-lib-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-tools-0:3.6.9.2-0.1.el6.noarch", 
"6Server-RHEV-S-3.6:rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-4443", }, { category: "external", summary: "RHBZ#1335106", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1335106", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-4443", url: "https://www.cve.org/CVERecord?id=CVE-2016-4443", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-4443", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4443", }, ], release_date: "2016-09-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-09-21T17:57:10+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.src", "6Server-RHEV-S-3.6:rhevm-backend-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-lib-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", 
"6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-tools-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:1929", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.9, confidentialityImpact: "COMPLETE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:C/I:N/A:N", version: "2.0", }, products: [ "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-0:3.6.9.2-0.1.el6.src", "6Server-RHEV-S-3.6:rhevm-backend-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-dbscripts-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-extensions-api-impl-javadoc-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-lib-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-restapi-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-base-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-0:3.6.9.2-0.1.el6.noarch", 
"6Server-RHEV-S-3.6:rhevm-setup-plugin-ovirt-engine-common-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-setup-plugin-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-tools-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-tools-backup-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-userportal-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-userportal-debuginfo-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-vmconsole-proxy-helper-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-webadmin-portal-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-webadmin-portal-debuginfo-0:3.6.9.2-0.1.el6.noarch", "6Server-RHEV-S-3.6:rhevm-websocket-proxy-0:3.6.9.2-0.1.el6.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "org.ovirt.engine-root: engine-setup logs contained information for extracting admin password", }, ], }
ghsa-crrm-jp94-w9fv
Vulnerability from github
Published
2022-05-17 03:21
Modified
2022-05-17 03:21
Details
Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.
{ affected: [], aliases: [ "CVE-2016-4443", ], database_specific: { cwe_ids: [ "CWE-532", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2016-12-14T18:59:00Z", severity: "MODERATE", }, details: "Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.", id: "GHSA-crrm-jp94-w9fv", modified: "2022-05-17T03:21:19Z", published: "2022-05-17T03:21:19Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4443", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2016:1929", }, { type: "WEB", url: "https://access.redhat.com/security/cve/CVE-2016-4443", }, { type: "WEB", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1335106", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2016-1929.html", }, { type: "WEB", url: "http://www.securityfocus.com/bid/92751", }, { type: "WEB", url: "http://www.securitytracker.com/id/1036863", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", type: "CVSS_V3", }, ], }
fkie_cve-2016-4443
Vulnerability from fkie_nvd
Published
2016-12-14 18:59
Modified
2024-11-21 02:52
Summary
Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.
References
Source | URL | Tags
---|---|---
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2016-1929.html | Mitigation, Patch, Vendor Advisory
secalert@redhat.com | http://www.securityfocus.com/bid/92751 | Third Party Advisory, VDB Entry
secalert@redhat.com | http://www.securitytracker.com/id/1036863 | Third Party Advisory, VDB Entry
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1335106 | Issue Tracking, VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-1929.html | Mitigation, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92751 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036863 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1335106 | Issue Tracking, VDB Entry, Vendor Advisory
Impacted products
Vendor | Product | Version
---|---|---
redhat | enterprise_virtualization | 3.6
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:enterprise_virtualization:3.6:*:*:*:*:*:*:*", matchCriteriaId: "5611A87C-7A9C-4F81-9162-F06FD23709FA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.", }, { lang: "es", value: "Red Hat Enterprise Virtualization (RHEV) Manager 3.6 permite a usuarios locales obtener claves de encriptación, certificados y otra información sensible mediante la lectura del archivo de inicio de sesión engine-setup.", }, ], id: "CVE-2016-4443", lastModified: "2024-11-21T02:52:12.713", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-12-14T18:59:01.403", references: [ { source: "secalert@redhat.com", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1929.html", }, { source: 
"secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/92751", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036863", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "VDB Entry", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1335106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1929.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/92751", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036863", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "VDB Entry", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1335106", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-532", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
gsd-2016-4443
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.
Aliases
{ GSD: { alias: "CVE-2016-4443", description: "Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.", id: "GSD-2016-4443", references: [ "https://access.redhat.com/errata/RHSA-2016:1929", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2016-4443", ], details: "Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.", id: "GSD-2016-4443", modified: "2023-12-13T01:21:18.170926Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2016-4443", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_affected: "=", version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://rhn.redhat.com/errata/RHSA-2016-1929.html", refsource: "MISC", url: "http://rhn.redhat.com/errata/RHSA-2016-1929.html", }, { name: "http://www.securityfocus.com/bid/92751", refsource: "MISC", url: "http://www.securityfocus.com/bid/92751", }, { name: "http://www.securitytracker.com/id/1036863", refsource: "MISC", url: "http://www.securitytracker.com/id/1036863", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1335106", 
refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1335106", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:redhat:enterprise_virtualization:3.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2016-4443", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-532", }, ], }, ], }, references: { reference_data: [ { name: "1036863", refsource: "SECTRACK", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036863", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1335106", refsource: "CONFIRM", tags: [ "Issue Tracking", "VDB Entry", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1335106", }, { name: "RHSA-2016:1929", refsource: "REDHAT", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1929.html", }, { name: "92751", refsource: "BID", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/92751", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", userInteractionRequired: false, }, baseMetricV3: { 
cvssV3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, }, }, lastModifiedDate: "2023-02-12T23:20Z", publishedDate: "2016-12-14T18:59Z", }, }, }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.