cve-2018-1074
Vulnerability from cvelistv5
Published
2018-04-26 17:00
Modified
2024-08-05 03:51
Summary
ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.
References
Source | URL | Tags
---|---|---
secalert@redhat.com | https://access.redhat.com/errata/RHBA-2018:1219 | Third Party Advisory
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1074 | Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHBA-2018:1219 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1074 | Issue Tracking, Third Party Advisory
Impacted products
Vendor | Product | Version
---|---|---
unspecified | ovirt-engine | ovirt-engine 4.2.2.5, ovirt-engine 4.1.11.2
rhba-2018_1219
Vulnerability from csaf_redhat
Published
2018-04-24 00:00
Modified
2024-11-14 23:32
Summary
Red Hat Bug Fix Advisory: Red Hat Virtualization Manager (ovirt-engine) 4.1.11
Notes
Topic
An update is now available for Red Hat Virtualization Manager.
Details
The Red Hat Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
The Manager is a JBoss Application Server application that provides several interfaces for accessing and interacting with the virtual environment, including an Administration Portal, a User Portal, and a Representational State Transfer (REST) Application Programming Interface (API).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
"7Server-RHV-S-4.1:ovirt-engine-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-0:4.1.11.2-0.1.el7.src", "7Server-RHV-S-4.1:ovirt-engine-backend-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-dbscripts-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-extensions-api-impl-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-extensions-api-impl-javadoc-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-lib-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-restapi-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-base-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-ovirt-engine-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-websocket-proxy-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-tools-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-tools-backup-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-userportal-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-vmconsole-proxy-helper-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-webadmin-portal-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-websocket-proxy-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:rhevm-0:4.1.11.2-0.1.el7.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2018:1219", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: 
"3.0", }, products: [ "7Server-RHV-S-4.1:ovirt-engine-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-0:4.1.11.2-0.1.el7.src", "7Server-RHV-S-4.1:ovirt-engine-backend-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-dbscripts-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-extensions-api-impl-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-extensions-api-impl-javadoc-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-lib-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-restapi-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-base-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-ovirt-engine-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-websocket-proxy-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-tools-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-tools-backup-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-userportal-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-vmconsole-proxy-helper-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-webadmin-portal-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-websocket-proxy-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:rhevm-0:4.1.11.2-0.1.el7.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ovirt-engine: API exposes power management credentials to administrators", }, ], }
RHBA-2018:1219
Vulnerability from csaf_redhat
Published
2018-04-24 00:00
Modified
2024-11-14 23:32
Summary
Red Hat Bug Fix Advisory: Red Hat Virtualization Manager (ovirt-engine) 4.1.11
Notes
Topic
An update is now available for Red Hat Virtualization Manager.
Details
The Red Hat Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
The Manager is a JBoss Application Server application that provides several interfaces for accessing and interacting with the virtual environment, including an Administration Portal, a User Portal, and a Representational State Transfer (REST) Application Programming Interface (API).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
rhba-2018:1219
Vulnerability from csaf_redhat
Published
2018-04-24 00:00
Modified
2024-11-14 23:32
Summary
Red Hat Bug Fix Advisory: Red Hat Virtualization Manager (ovirt-engine) 4.1.11
Notes
Topic
An update is now available for Red Hat Virtualization Manager.
Details
The Red Hat Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
The Manager is a JBoss Application Server application that provides several interfaces for accessing and interacting with the virtual environment, including an Administration Portal, a User Portal, and a Representational State Transfer (REST) Application Programming Interface (API).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Low", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat Virtualization Manager.", title: "Topic", }, { category: "general", text: "The Red Hat Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.\n\nThe Manager is a JBoss Application Server application that provides several interfaces for accessing and interacting with the virtual environment, including an Administration Portal, a User Portal, and a Representational State Transfer (REST) Application Programming Interface (API).", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2018:1219", url: "https://access.redhat.com/errata/RHBA-2018:1219", }, { category: "external", summary: "1556873", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1556873", }, { category: "external", summary: "1560574", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1560574", }, { category: "external", summary: "1561080", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1561080", }, { category: "external", summary: "1561483", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1561483", }, { category: "external", summary: "1565173", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1565173", }, { category: "external", summary: "1568075", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1568075", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhba-2018_1219.json", }, ], title: "Red Hat Bug Fix Advisory: Red Hat Virtualization Manager (ovirt-engine) 4.1.11", tracking: { current_release_date: "2024-11-14T23:32:15+00:00", generator: { date: "2024-11-14T23:32:15+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHBA-2018:1219", initial_release_date: "2018-04-24T00:00:00+00:00", revision_history: [ { date: "2018-04-24T00:00:00+00:00", number: "1", summary: "Initial version", }, { date: "2018-04-24T15:29:58+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T23:32:15+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { 
branches: [ { branches: [ { category: "product_name", name: "Red Hat Virtualization Manager 4.1", product: { name: "Red Hat Virtualization Manager 4.1", product_id: "7Server-RHV-S-4.1", product_identification_helper: { cpe: "cpe:/a:redhat:rhev_manager:4", }, }, }, ], category: "product_family", name: "Red Hat Virtualization", }, { branches: [ { category: "product_version", name: "ovirt-engine-setup-base-0:4.1.11.2-0.1.el7.noarch", product: { name: "ovirt-engine-setup-base-0:4.1.11.2-0.1.el7.noarch", product_id: "ovirt-engine-setup-base-0:4.1.11.2-0.1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ovirt-engine-setup-base@4.1.11.2-0.1.el7?arch=noarch", }, }, }, { category: "product_version", name: "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.1.11.2-0.1.el7.noarch", product: { name: "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.1.11.2-0.1.el7.noarch", product_id: "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.1.11.2-0.1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.1.11.2-0.1.el7?arch=noarch", }, }, }, { category: "product_version", name: "ovirt-engine-userportal-0:4.1.11.2-0.1.el7.noarch", product: { name: "ovirt-engine-userportal-0:4.1.11.2-0.1.el7.noarch", product_id: "ovirt-engine-userportal-0:4.1.11.2-0.1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ovirt-engine-userportal@4.1.11.2-0.1.el7?arch=noarch", }, }, }, { category: "product_version", name: "ovirt-engine-websocket-proxy-0:4.1.11.2-0.1.el7.noarch", product: { name: "ovirt-engine-websocket-proxy-0:4.1.11.2-0.1.el7.noarch", product_id: "ovirt-engine-websocket-proxy-0:4.1.11.2-0.1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.1.11.2-0.1.el7?arch=noarch", }, }, }, { category: "product_version", name: "ovirt-engine-setup-plugin-websocket-proxy-0:4.1.11.2-0.1.el7.noarch", product: { name: 
"ovirt-engine-setup-plugin-websocket-proxy-0:4.1.11.2-0.1.el7.noarch", product_id: "ovirt-engine-setup-plugin-websocket-proxy-0:4.1.11.2-0.1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.1.11.2-0.1.el7?arch=noarch", }, }, }, { category: "product_version", name: "ovirt-engine-tools-0:4.1.11.2-0.1.el7.noarch", product: { name: "ovirt-engine-tools-0:4.1.11.2-0.1.el7.noarch", product_id: "ovirt-engine-tools-0:4.1.11.2-0.1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ovirt-engine-tools@4.1.11.2-0.1.el7?arch=noarch", }, }, }, { category: "product_version", name: "ovirt-engine-backend-0:4.1.11.2-0.1.el7.noarch", product: { name: "ovirt-engine-backend-0:4.1.11.2-0.1.el7.noarch", product_id: "ovirt-engine-backend-0:4.1.11.2-0.1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ovirt-engine-backend@4.1.11.2-0.1.el7?arch=noarch", }, }, }, { category: "product_version", name: "ovirt-engine-setup-0:4.1.11.2-0.1.el7.noarch", product: { name: "ovirt-engine-setup-0:4.1.11.2-0.1.el7.noarch", product_id: "ovirt-engine-setup-0:4.1.11.2-0.1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ovirt-engine-setup@4.1.11.2-0.1.el7?arch=noarch", }, }, }, { category: "product_version", name: "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.1.11.2-0.1.el7.noarch", product: { name: "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.1.11.2-0.1.el7.noarch", product_id: "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.1.11.2-0.1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.1.11.2-0.1.el7?arch=noarch", }, }, }, { category: "product_version", name: "ovirt-engine-vmconsole-proxy-helper-0:4.1.11.2-0.1.el7.noarch", product: { name: "ovirt-engine-vmconsole-proxy-helper-0:4.1.11.2-0.1.el7.noarch", product_id: "ovirt-engine-vmconsole-proxy-helper-0:4.1.11.2-0.1.el7.noarch", 
product_identification_helper: { purl: "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.1.11.2-0.1.el7?arch=noarch", }, }, }, { category: "product_version", name: "ovirt-engine-tools-backup-0:4.1.11.2-0.1.el7.noarch", product: { name: "ovirt-engine-tools-backup-0:4.1.11.2-0.1.el7.noarch", product_id: "ovirt-engine-tools-backup-0:4.1.11.2-0.1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ovirt-engine-tools-backup@4.1.11.2-0.1.el7?arch=noarch", }, }, }, { category: "product_version", name: "ovirt-engine-restapi-0:4.1.11.2-0.1.el7.noarch", product: { name: "ovirt-engine-restapi-0:4.1.11.2-0.1.el7.noarch", product_id: "ovirt-engine-restapi-0:4.1.11.2-0.1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ovirt-engine-restapi@4.1.11.2-0.1.el7?arch=noarch", }, }, }, { category: "product_version", name: "rhevm-0:4.1.11.2-0.1.el7.noarch", product: { name: "rhevm-0:4.1.11.2-0.1.el7.noarch", product_id: "rhevm-0:4.1.11.2-0.1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhevm@4.1.11.2-0.1.el7?arch=noarch", }, }, }, { category: "product_version", name: "ovirt-engine-dbscripts-0:4.1.11.2-0.1.el7.noarch", product: { name: "ovirt-engine-dbscripts-0:4.1.11.2-0.1.el7.noarch", product_id: "ovirt-engine-dbscripts-0:4.1.11.2-0.1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ovirt-engine-dbscripts@4.1.11.2-0.1.el7?arch=noarch", }, }, }, { category: "product_version", name: "ovirt-engine-extensions-api-impl-javadoc-0:4.1.11.2-0.1.el7.noarch", product: { name: "ovirt-engine-extensions-api-impl-javadoc-0:4.1.11.2-0.1.el7.noarch", product_id: "ovirt-engine-extensions-api-impl-javadoc-0:4.1.11.2-0.1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ovirt-engine-extensions-api-impl-javadoc@4.1.11.2-0.1.el7?arch=noarch", }, }, }, { category: "product_version", name: "ovirt-engine-webadmin-portal-0:4.1.11.2-0.1.el7.noarch", product: { name: 
"ovirt-engine-webadmin-portal-0:4.1.11.2-0.1.el7.noarch", product_id: "ovirt-engine-webadmin-portal-0:4.1.11.2-0.1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.1.11.2-0.1.el7?arch=noarch", }, }, }, { category: "product_version", name: "ovirt-engine-setup-plugin-ovirt-engine-0:4.1.11.2-0.1.el7.noarch", product: { name: "ovirt-engine-setup-plugin-ovirt-engine-0:4.1.11.2-0.1.el7.noarch", product_id: "ovirt-engine-setup-plugin-ovirt-engine-0:4.1.11.2-0.1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.1.11.2-0.1.el7?arch=noarch", }, }, }, { category: "product_version", name: "ovirt-engine-lib-0:4.1.11.2-0.1.el7.noarch", product: { name: "ovirt-engine-lib-0:4.1.11.2-0.1.el7.noarch", product_id: "ovirt-engine-lib-0:4.1.11.2-0.1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ovirt-engine-lib@4.1.11.2-0.1.el7?arch=noarch", }, }, }, { category: "product_version", name: "ovirt-engine-0:4.1.11.2-0.1.el7.noarch", product: { name: "ovirt-engine-0:4.1.11.2-0.1.el7.noarch", product_id: "ovirt-engine-0:4.1.11.2-0.1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ovirt-engine@4.1.11.2-0.1.el7?arch=noarch", }, }, }, { category: "product_version", name: "ovirt-engine-extensions-api-impl-0:4.1.11.2-0.1.el7.noarch", product: { name: "ovirt-engine-extensions-api-impl-0:4.1.11.2-0.1.el7.noarch", product_id: "ovirt-engine-extensions-api-impl-0:4.1.11.2-0.1.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ovirt-engine-extensions-api-impl@4.1.11.2-0.1.el7?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "ovirt-engine-0:4.1.11.2-0.1.el7.src", product: { name: "ovirt-engine-0:4.1.11.2-0.1.el7.src", product_id: "ovirt-engine-0:4.1.11.2-0.1.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/ovirt-engine@4.1.11.2-0.1.el7?arch=src", }, }, 
}, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ovirt-engine-0:4.1.11.2-0.1.el7.noarch as a component of Red Hat Virtualization Manager 4.1", product_id: "7Server-RHV-S-4.1:ovirt-engine-0:4.1.11.2-0.1.el7.noarch", }, product_reference: "ovirt-engine-0:4.1.11.2-0.1.el7.noarch", relates_to_product_reference: "7Server-RHV-S-4.1", }, { category: "default_component_of", full_product_name: { name: "ovirt-engine-0:4.1.11.2-0.1.el7.src as a component of Red Hat Virtualization Manager 4.1", product_id: "7Server-RHV-S-4.1:ovirt-engine-0:4.1.11.2-0.1.el7.src", }, product_reference: "ovirt-engine-0:4.1.11.2-0.1.el7.src", relates_to_product_reference: "7Server-RHV-S-4.1", }, { category: "default_component_of", full_product_name: { name: "ovirt-engine-backend-0:4.1.11.2-0.1.el7.noarch as a component of Red Hat Virtualization Manager 4.1", product_id: "7Server-RHV-S-4.1:ovirt-engine-backend-0:4.1.11.2-0.1.el7.noarch", }, product_reference: "ovirt-engine-backend-0:4.1.11.2-0.1.el7.noarch", relates_to_product_reference: "7Server-RHV-S-4.1", }, { category: "default_component_of", full_product_name: { name: "ovirt-engine-dbscripts-0:4.1.11.2-0.1.el7.noarch as a component of Red Hat Virtualization Manager 4.1", product_id: "7Server-RHV-S-4.1:ovirt-engine-dbscripts-0:4.1.11.2-0.1.el7.noarch", }, product_reference: "ovirt-engine-dbscripts-0:4.1.11.2-0.1.el7.noarch", relates_to_product_reference: "7Server-RHV-S-4.1", }, { category: "default_component_of", full_product_name: { name: "ovirt-engine-extensions-api-impl-0:4.1.11.2-0.1.el7.noarch as a component of Red Hat Virtualization Manager 4.1", product_id: "7Server-RHV-S-4.1:ovirt-engine-extensions-api-impl-0:4.1.11.2-0.1.el7.noarch", }, product_reference: "ovirt-engine-extensions-api-impl-0:4.1.11.2-0.1.el7.noarch", relates_to_product_reference: "7Server-RHV-S-4.1", }, { category: "default_component_of", 
full_product_name: { name: "ovirt-engine-extensions-api-impl-javadoc-0:4.1.11.2-0.1.el7.noarch as a component of Red Hat Virtualization Manager 4.1", product_id: "7Server-RHV-S-4.1:ovirt-engine-extensions-api-impl-javadoc-0:4.1.11.2-0.1.el7.noarch", }, product_reference: "ovirt-engine-extensions-api-impl-javadoc-0:4.1.11.2-0.1.el7.noarch", relates_to_product_reference: "7Server-RHV-S-4.1", }, { category: "default_component_of", full_product_name: { name: "ovirt-engine-lib-0:4.1.11.2-0.1.el7.noarch as a component of Red Hat Virtualization Manager 4.1", product_id: "7Server-RHV-S-4.1:ovirt-engine-lib-0:4.1.11.2-0.1.el7.noarch", }, product_reference: "ovirt-engine-lib-0:4.1.11.2-0.1.el7.noarch", relates_to_product_reference: "7Server-RHV-S-4.1", }, { category: "default_component_of", full_product_name: { name: "ovirt-engine-restapi-0:4.1.11.2-0.1.el7.noarch as a component of Red Hat Virtualization Manager 4.1", product_id: "7Server-RHV-S-4.1:ovirt-engine-restapi-0:4.1.11.2-0.1.el7.noarch", }, product_reference: "ovirt-engine-restapi-0:4.1.11.2-0.1.el7.noarch", relates_to_product_reference: "7Server-RHV-S-4.1", }, { category: "default_component_of", full_product_name: { name: "ovirt-engine-setup-0:4.1.11.2-0.1.el7.noarch as a component of Red Hat Virtualization Manager 4.1", product_id: "7Server-RHV-S-4.1:ovirt-engine-setup-0:4.1.11.2-0.1.el7.noarch", }, product_reference: "ovirt-engine-setup-0:4.1.11.2-0.1.el7.noarch", relates_to_product_reference: "7Server-RHV-S-4.1", }, { category: "default_component_of", full_product_name: { name: "ovirt-engine-setup-base-0:4.1.11.2-0.1.el7.noarch as a component of Red Hat Virtualization Manager 4.1", product_id: "7Server-RHV-S-4.1:ovirt-engine-setup-base-0:4.1.11.2-0.1.el7.noarch", }, product_reference: "ovirt-engine-setup-base-0:4.1.11.2-0.1.el7.noarch", relates_to_product_reference: "7Server-RHV-S-4.1", }, { category: "default_component_of", full_product_name: { name: 
"ovirt-engine-setup-plugin-ovirt-engine-0:4.1.11.2-0.1.el7.noarch as a component of Red Hat Virtualization Manager 4.1", product_id: "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-ovirt-engine-0:4.1.11.2-0.1.el7.noarch", }, product_reference: "ovirt-engine-setup-plugin-ovirt-engine-0:4.1.11.2-0.1.el7.noarch", relates_to_product_reference: "7Server-RHV-S-4.1", }, { category: "default_component_of", full_product_name: { name: "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.1.11.2-0.1.el7.noarch as a component of Red Hat Virtualization Manager 4.1", product_id: "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.1.11.2-0.1.el7.noarch", }, product_reference: "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.1.11.2-0.1.el7.noarch", relates_to_product_reference: "7Server-RHV-S-4.1", }, { category: "default_component_of", full_product_name: { name: "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.1.11.2-0.1.el7.noarch as a component of Red Hat Virtualization Manager 4.1", product_id: "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.1.11.2-0.1.el7.noarch", }, product_reference: "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.1.11.2-0.1.el7.noarch", relates_to_product_reference: "7Server-RHV-S-4.1", }, { category: "default_component_of", full_product_name: { name: "ovirt-engine-setup-plugin-websocket-proxy-0:4.1.11.2-0.1.el7.noarch as a component of Red Hat Virtualization Manager 4.1", product_id: "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-websocket-proxy-0:4.1.11.2-0.1.el7.noarch", }, product_reference: "ovirt-engine-setup-plugin-websocket-proxy-0:4.1.11.2-0.1.el7.noarch", relates_to_product_reference: "7Server-RHV-S-4.1", }, { category: "default_component_of", full_product_name: { name: "ovirt-engine-tools-0:4.1.11.2-0.1.el7.noarch as a component of Red Hat Virtualization Manager 4.1", product_id: "7Server-RHV-S-4.1:ovirt-engine-tools-0:4.1.11.2-0.1.el7.noarch", }, product_reference: 
"ovirt-engine-tools-0:4.1.11.2-0.1.el7.noarch", relates_to_product_reference: "7Server-RHV-S-4.1", }, { category: "default_component_of", full_product_name: { name: "ovirt-engine-tools-backup-0:4.1.11.2-0.1.el7.noarch as a component of Red Hat Virtualization Manager 4.1", product_id: "7Server-RHV-S-4.1:ovirt-engine-tools-backup-0:4.1.11.2-0.1.el7.noarch", }, product_reference: "ovirt-engine-tools-backup-0:4.1.11.2-0.1.el7.noarch", relates_to_product_reference: "7Server-RHV-S-4.1", }, { category: "default_component_of", full_product_name: { name: "ovirt-engine-userportal-0:4.1.11.2-0.1.el7.noarch as a component of Red Hat Virtualization Manager 4.1", product_id: "7Server-RHV-S-4.1:ovirt-engine-userportal-0:4.1.11.2-0.1.el7.noarch", }, product_reference: "ovirt-engine-userportal-0:4.1.11.2-0.1.el7.noarch", relates_to_product_reference: "7Server-RHV-S-4.1", }, { category: "default_component_of", full_product_name: { name: "ovirt-engine-vmconsole-proxy-helper-0:4.1.11.2-0.1.el7.noarch as a component of Red Hat Virtualization Manager 4.1", product_id: "7Server-RHV-S-4.1:ovirt-engine-vmconsole-proxy-helper-0:4.1.11.2-0.1.el7.noarch", }, product_reference: "ovirt-engine-vmconsole-proxy-helper-0:4.1.11.2-0.1.el7.noarch", relates_to_product_reference: "7Server-RHV-S-4.1", }, { category: "default_component_of", full_product_name: { name: "ovirt-engine-webadmin-portal-0:4.1.11.2-0.1.el7.noarch as a component of Red Hat Virtualization Manager 4.1", product_id: "7Server-RHV-S-4.1:ovirt-engine-webadmin-portal-0:4.1.11.2-0.1.el7.noarch", }, product_reference: "ovirt-engine-webadmin-portal-0:4.1.11.2-0.1.el7.noarch", relates_to_product_reference: "7Server-RHV-S-4.1", }, { category: "default_component_of", full_product_name: { name: "ovirt-engine-websocket-proxy-0:4.1.11.2-0.1.el7.noarch as a component of Red Hat Virtualization Manager 4.1", product_id: "7Server-RHV-S-4.1:ovirt-engine-websocket-proxy-0:4.1.11.2-0.1.el7.noarch", }, product_reference: 
"ovirt-engine-websocket-proxy-0:4.1.11.2-0.1.el7.noarch", relates_to_product_reference: "7Server-RHV-S-4.1", }, { category: "default_component_of", full_product_name: { name: "rhevm-0:4.1.11.2-0.1.el7.noarch as a component of Red Hat Virtualization Manager 4.1", product_id: "7Server-RHV-S-4.1:rhevm-0:4.1.11.2-0.1.el7.noarch", }, product_reference: "rhevm-0:4.1.11.2-0.1.el7.noarch", relates_to_product_reference: "7Server-RHV-S-4.1", }, ], }, vulnerabilities: [ { cve: "CVE-2018-1074", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2018-03-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1553529", }, ], notes: [ { category: "description", text: "The ovirt-engine API and administration web portal exposed Power Management credentials including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.", title: "Vulnerability description", }, { category: "summary", text: "ovirt-engine: API exposes power management credentials to administrators", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHV-S-4.1:ovirt-engine-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-0:4.1.11.2-0.1.el7.src", "7Server-RHV-S-4.1:ovirt-engine-backend-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-dbscripts-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-extensions-api-impl-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-extensions-api-impl-javadoc-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-lib-0:4.1.11.2-0.1.el7.noarch", 
"7Server-RHV-S-4.1:ovirt-engine-restapi-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-base-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-ovirt-engine-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-websocket-proxy-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-tools-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-tools-backup-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-userportal-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-vmconsole-proxy-helper-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-webadmin-portal-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-websocket-proxy-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:rhevm-0:4.1.11.2-0.1.el7.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-1074", }, { category: "external", summary: "RHBZ#1553529", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1553529", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-1074", url: "https://www.cve.org/CVERecord?id=CVE-2018-1074", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1074", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1074", }, ], release_date: "2018-04-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-04-24T00:00:00+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2974891", product_ids: [ 
"7Server-RHV-S-4.1:ovirt-engine-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-0:4.1.11.2-0.1.el7.src", "7Server-RHV-S-4.1:ovirt-engine-backend-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-dbscripts-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-extensions-api-impl-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-extensions-api-impl-javadoc-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-lib-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-restapi-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-base-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-ovirt-engine-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-websocket-proxy-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-tools-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-tools-backup-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-userportal-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-vmconsole-proxy-helper-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-webadmin-portal-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-websocket-proxy-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:rhevm-0:4.1.11.2-0.1.el7.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2018:1219", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: 
"3.0", }, products: [ "7Server-RHV-S-4.1:ovirt-engine-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-0:4.1.11.2-0.1.el7.src", "7Server-RHV-S-4.1:ovirt-engine-backend-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-dbscripts-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-extensions-api-impl-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-extensions-api-impl-javadoc-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-lib-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-restapi-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-base-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-ovirt-engine-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-setup-plugin-websocket-proxy-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-tools-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-tools-backup-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-userportal-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-vmconsole-proxy-helper-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-webadmin-portal-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:ovirt-engine-websocket-proxy-0:4.1.11.2-0.1.el7.noarch", "7Server-RHV-S-4.1:rhevm-0:4.1.11.2-0.1.el7.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ovirt-engine: API exposes power management credentials to administrators", }, ], }
fkie_cve-2018-1074
Vulnerability from fkie_nvd
Published
2018-04-26 17:29
Modified
2024-11-21 03:59
Severity
7.7 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.
References
Source | URL | Tags
---|---|---
secalert@redhat.com | https://access.redhat.com/errata/RHBA-2018:1219 | Third Party Advisory
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1074 | Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHBA-2018:1219 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1074 | Issue Tracking, Third Party Advisory
Impacted products
Vendor | Product | Version
---|---|---
ovirt | ovirt | *
redhat | enterprise_virtualization | 4.0
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ovirt:ovirt:*:*:*:*:*:*:*:*", matchCriteriaId: "0476809C-082C-4850-B174-BB8614B2C9D4", versionEndIncluding: "4.1.11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:enterprise_virtualization:4.0:*:*:*:*:*:*:*", matchCriteriaId: "12544770-1AF9-4DD3-BC72-579DA0BC0F3E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.", }, { lang: "es", value: "La API y el portal de administración web de ovirt-engine en versiones anteriores a la 4.2.2.5 y la 4.1.11.2 es vulnerable a una exposición de credenciales de Power Management, incluyendo contraseñas en texto claro para Host Administrators. 
Un Host Administrator podría utilizar este fallo para obtener acceso a los sistemas de gestión de energía de los hosts que controlan.", }, ], id: "CVE-2018-1074", lastModified: "2024-11-21T03:59:07.570", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.1, impactScore: 4, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-26T17:29:00.510", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2018:1219", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1074", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2018:1219", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1074", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-522", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
gsd-2018-1074
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.
Aliases
{ GSD: { alias: "CVE-2018-1074", description: "ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.", id: "GSD-2018-1074", references: [ "https://access.redhat.com/errata/RHBA-2018:1219", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2018-1074", ], details: "ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.", id: "GSD-2018-1074", modified: "2023-12-13T01:22:37.422354Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2018-1074", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "ovirt-engine", version: { version_data: [ { version_value: "ovirt-engine 4.2.2.5", }, { version_value: " ovirt-engine 4.1.11.2", }, ], }, }, ], }, vendor_name: "", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. 
A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.", }, ], }, impact: { cvss: [ [ { vectorString: "7.7/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, ], ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-200", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1074", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1074", }, { name: "RHBA-2018:1219", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHBA-2018:1219", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ovirt:ovirt:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "4.1.11.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:redhat:enterprise_virtualization:4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2018-1074", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. 
A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-522", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1074", refsource: "CONFIRM", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1074", }, { name: "RHBA-2018:1219", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2018:1219", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, }, }, lastModifiedDate: "2019-11-06T20:49Z", publishedDate: "2018-04-26T17:29Z", }, }, }
ghsa-qmxf-r2wh-hqpc
Vulnerability from github
Published
2022-05-13 01:30
Modified
2022-05-13 01:30
Details
ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.
{ affected: [], aliases: [ "CVE-2018-1074", ], database_specific: { cwe_ids: [ "CWE-522", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2018-04-26T17:29:00Z", severity: "HIGH", }, details: "ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.", id: "GHSA-qmxf-r2wh-hqpc", modified: "2022-05-13T01:30:40Z", published: "2022-05-13T01:30:40Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1074", }, { type: "WEB", url: "https://access.redhat.com/errata/RHBA-2018:1219", }, { type: "WEB", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1074", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, ], }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.