CVE-2016-5432 (GCVE-0-2016-5432)
Vulnerability from cvelistv5 – Published: 2016-10-03 18:00 – Updated: 2024-08-06 01:01
Summary
The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.
Severity
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e0… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2016-1967.html | vendor-advisory, x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=1371428 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/92694 | vdb-entry, x_refsource_BID |
Date Public
2016-09-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:01:00.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129"
},
{
"name": "RHSA-2016:1967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1967.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428"
},
{
"name": "92694",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92694"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129"
},
{
"name": "RHSA-2016:1967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1967.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428"
},
{
"name": "92694",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92694"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-5432",
"datePublished": "2016-10-03T18:00:00.000Z",
"dateReserved": "2016-06-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:01:00.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2016-5432",
"date": "2026-06-13",
"epss": "0.00134",
"percentile": "0.33236"
}
}
}
Title
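Red Hat oVirt Engine Information Disclosure Vulnerability (CNVD-2016-07080)
Description
Red Hat oVirt Engine is an open-source virtualization management platform from Red Hat (USA). It is the open-source version of RHEV (enterprise virtualization platform) and consists of the ovirt-node client and the ovirt-engine management component.
An information disclosure vulnerability exists in Red Hat oVirt Engine. An attacker can exploit this vulnerability to obtain sensitive information.
Severity
Medium
Patch Name
Patch for the Red Hat oVirt Engine Information Disclosure Vulnerability (CNVD-2016-07080)
Patch Description
Red Hat oVirt Engine is an open-source virtualization management platform from Red Hat (USA). It is the open-source version of RHEV (enterprise virtualization platform) and consists of the ovirt-node client and the ovirt-engine management component.
An information disclosure vulnerability exists in Red Hat oVirt Engine. An attacker can exploit this vulnerability to obtain sensitive information. The vendor has now released a security advisory and related patch information that fix this vulnerability.
Formal description
The vendor has released an upgrade patch to fix this security issue. For details, see the vendor's home page: http://www.ovirt.org/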
Reference
http://www.securityfocus.com/bid/92694
Impacted products
| Name |
|---|
| Red Hat oVirt Engine 0 |
{
"bids": {
"bid": {
"bidNumber": "92694"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2016-5432"
}
},
"description": "Red Hat oVirt Engine\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u865a\u62df\u5316\u7ba1\u7406\u5e73\u53f0\uff0c\u662fRHEV\uff08\u4f01\u4e1a\u865a\u62df\u5316\u5e73\u53f0\uff09\u7684\u5f00\u6e90\u7248\u672c\uff0c\u7531ovirt-node\u5ba2\u6237\u7aef\u548covert-engine\u7ba1\u7406\u7aef\u7ec4\u6210\u3002\r\n\r\nRed Hat oVirt Engine\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
"discovererName": "Yedidyah Bar David (Red Hat).",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://www.ovirt.org/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-07080",
"openTime": "2016-09-02",
"patchDescription": "Red Hat oVirt Engine\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u865a\u62df\u5316\u7ba1\u7406\u5e73\u53f0\uff0c\u662fRHEV\uff08\u4f01\u4e1a\u865a\u62df\u5316\u5e73\u53f0\uff09\u7684\u5f00\u6e90\u7248\u672c\uff0c\u7531ovirt-node\u5ba2\u6237\u7aef\u548covert-engine\u7ba1\u7406\u7aef\u7ec4\u6210\u3002\r\n\r\nRed Hat oVirt Engine\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Red Hat oVirt Engine\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2016-07080\uff09\u7684\u8865\u4e01",
"products": {
"product": "Red Hat oVirt Engine 0"
},
"referenceLink": "http://www.securityfocus.com/bid/92694",
"serverity": "\u4e2d",
"submitTime": "2016-09-02",
"title": "Red Hat oVirt Engine\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2016-07080\uff09"
}
FKIE_CVE-2016-5432
Vulnerability from fkie_nvd - Published: 2016-10-03 18:59 - Updated: 2026-05-06 22:30
Severity
Summary
The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_virtualization | 4.0 |
| redhat | enterprise_linux | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:enterprise_virtualization:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12544770-1AF9-4DD3-BC72-579DA0BC0F3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files."
},
{
"lang": "es",
"value": "La utilidad ovirt-engine-provisiondb en Red Hat Enterprise Virtualization (RHEV) Engine 4.0 permite a usuarios locales obtener informaci\u00f3n sensible del aprovisionamiento de la base de datos leyendo los archivos de registro."
}
],
"id": "CVE-2016-5432",
"lastModified": "2026-05-06T22:30:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-10-03T18:59:07.677",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1967.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/92694"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1967.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-8PC7-RGGG-XW6R
Vulnerability from github – Published: 2022-05-17 03:40 – Updated: 2022-05-17 03:40
Details
The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.
Severity
{
"affected": [],
"aliases": [
"CVE-2016-5432"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-10-03T18:59:00Z",
"severity": "LOW"
},
"details": "The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.",
"id": "GHSA-8pc7-rggg-xw6r",
"modified": "2022-05-17T03:40:37Z",
"published": "2022-05-17T03:40:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5432"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2016:1967"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2016-5432"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428"
},
{
"type": "WEB",
"url": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1967.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/92694"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2016-5432
Vulnerability from gsd - Updated: 2023-12-13 01:21
Details
The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.
Aliases
{
"GSD": {
"alias": "CVE-2016-5432",
"description": "The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.",
"id": "GSD-2016-5432",
"references": [
"https://access.redhat.com/errata/RHSA-2016:1967"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-5432"
],
"details": "The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.",
"id": "GSD-2016-5432",
"modified": "2023-12-13T01:21:25.749254Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rhn.redhat.com/errata/RHSA-2016-1967.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1967.html"
},
{
"name": "http://www.securityfocus.com/bid/92694",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/92694"
},
{
"name": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129",
"refsource": "MISC",
"url": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:enterprise_virtualization:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5432"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428"
},
{
"name": "RHSA-2016:1967",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1967.html"
},
{
"name": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129"
},
{
"name": "92694",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/92694"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
},
"lastModifiedDate": "2023-02-12T23:24Z",
"publishedDate": "2016-10-03T18:59Z"
}
}
}
RHSA-2016:1967
Vulnerability from csaf_redhat - Published: 2016-09-28 21:02 - Updated: 2025-11-21 17:57
Summary
Red Hat Security Advisory: org.ovirt.engine-root security, bug fix, and enhancement update
Severity
Moderate
Notes
Topic: An update for org.ovirt.engine-root is now available for RHEV Engine version 4.0.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Red Hat Virtualization Manager is a centralized management platform
that allows system administrators to view and manage virtual machines. The
Manager provides a comprehensive range of features including search
capabilities, resource management, live migrations, and virtual
infrastructure provisioning.
The Manager is a JBoss Application Server application that provides several
interfaces through which the virtual environment can be accessed and
interacted with, including an Administration Portal, a User Portal, and a
Representational State Transfer (REST) Application Programming Interface
(API).
Security Fix(es):
* It was found that the ovirt-engine-provisiondb utility did not correctly sanitize the authentication details used with the "--provision*db" options from the output before storing them in log files. This could allow an attacker with read access to these log files to obtain sensitive information such as passwords. (CVE-2016-5432)
This issue was discovered by Yedidyah Bar David (Red Hat).
Bug Fix(es):
* Previously, when checking permissions for a CPU profile, group permissions were not considered. Users that were part of a group could not assign a CPU profile and so could not start a virtual machine. This was fixed by using PermissionDao and correct SQL functions when checking permissions, so group permissions are now considered. (BZ#1371888)
* Setting only one of the thresholds for power saving/evenly distributed memory based balancing (high or low) can lead to unexpected results. For example, when in power saving load balancing the threshold for memory over utilized hosts was set with a value, and the threshold for memory under utilized hosts was undefined thus getting a default value of 0. All hosts were considered as under utilized hosts and were chosen as sources for migration, but no host was chosen as a destination for migration.
This has now been changed so that when the threshold for memory under utilized host is undefined, it gets a default value of Long.MAX. Now, when the threshold for memory over utilized hosts is set with a value, and the threshold for memory under utilized host is undefined, only over utilized hosts will be selected as sources for migration, and destination hosts will be hosts that are not over utilized. (BZ#1354281)
* This update ensures that Quality of Service (QoS) Storage values that are sent to the VDSM service, are used by the VDSM and Memory Overcommit Manager (MoM). The result is that QoS is live-applied on virtual machines, and all MoM-related virtual machine changes are only applied when the memory ballooning device is enabled on the virtual machine. (BZ#1328731)
Enhancement(s):
* Previously, it was possible to install incorrect versions of virtio drivers, especially when running an older Windows operating system. This sometimes caused the guest to terminate unexpectedly with a stop error, also known as the "Blue Screen of Death", if the particular driver and Windows versions were incompatible. This update adds target OS version information to driver files, which enables Windows to automatically select the best driver when pointed to the root of the virtio-win CD image. Installing an incompatible driver version manually is also no longer possible, as Windows now presents the user with an error message if installation is attempted. (BZ#1328181)
* With this release, Red Hat Virtualization now supports CephFS as a POSIX storage domain. (BZ#1095615)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
It was found that the ovirt-engine-provisiondb utility did not correctly sanitize the authentication details used with the "--provision*db" options from the output before storing them in log files. This could allow an attacker with read access to these log files to obtain sensitive information such as passwords.
5.9 (Medium)
Affected products
Fixed
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHEV-S-4.0:ovirt-engine-0:4.0.4.4-0.1.el7ev.noarch | — | | Vendor Fix |
| Unresolved product id: 7Server-RHEV-S-4.0:ovirt-engine-0:4.0.4.4-0.1.el7ev.src | — | | Vendor Fix |
| Unresolved product id: 7Server-RHEV-S-4.0:ovirt-engine-backend-0:4.0.4.4-0.1.el7ev.noarch | — | | Vendor Fix |
| Unresolved product id: 7Server-RHEV-S-4.0:ovirt-engine-dbscripts-0:4.0.4.4-0.1.el7ev.noarch | — | | Vendor Fix |
| Unresolved product id: 7Server-RHEV-S-4.0:ovirt-engine-extensions-api-impl-0:4.0.4.4-0.1.el7ev.noarch | — | | Vendor Fix |
| Unresolved product id: 7Server-RHEV-S-4.0:ovirt-engine-extensions-api-impl-javadoc-0:4.0.4.4-0.1.el7ev.noarch | — | | Vendor Fix |
| Unresolved product id: 7Server-RHEV-S-4.0:ovirt-engine-lib-0:4.0.4.4-0.1.el7ev.noarch | — | | Vendor Fix |
| Unresolved product id: 7Server-RHEV-S-4.0:ovirt-engine-restapi-0:4.0.4.4-0.1.el7ev.noarch | — | | Vendor Fix |
| Unresolved product id: 7Server-RHEV-S-4.0:ovirt-engine-setup-0:4.0.4.4-0.1.el7ev.noarch | — | | Vendor Fix |
| Unresolved product id: 7Server-RHEV-S-4.0:ovirt-engine-setup-base-0:4.0.4.4-0.1.el7ev.noarch | — | | Vendor Fix |
| Unresolved product id: 7Server-RHEV-S-4.0:ovirt-engine-setup-plugin-ovirt-engine-0:4.0.4.4-0.1.el7ev.noarch | — | | Vendor Fix |
| Unresolved product id: 7Server-RHEV-S-4.0:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.0.4.4-0.1.el7ev.noarch | — | | Vendor Fix |
| Unresolved product id: 7Server-RHEV-S-4.0:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.0.4.4-0.1.el7ev.noarch | — | | Vendor Fix |
| Unresolved product id: 7Server-RHEV-S-4.0:ovirt-engine-setup-plugin-websocket-proxy-0:4.0.4.4-0.1.el7ev.noarch | — | | Vendor Fix |
| Unresolved product id: 7Server-RHEV-S-4.0:ovirt-engine-tools-0:4.0.4.4-0.1.el7ev.noarch | — | | Vendor Fix |
| Unresolved product id: 7Server-RHEV-S-4.0:ovirt-engine-tools-backup-0:4.0.4.4-0.1.el7ev.noarch | — | | Vendor Fix |
| Unresolved product id: 7Server-RHEV-S-4.0:ovirt-engine-userportal-0:4.0.4.4-0.1.el7ev.noarch | — | | Vendor Fix |
| Unresolved product id: 7Server-RHEV-S-4.0:ovirt-engine-userportal-debuginfo-0:4.0.4.4-0.1.el7ev.noarch | — | | Vendor Fix |
| Unresolved product id: 7Server-RHEV-S-4.0:ovirt-engine-vmconsole-proxy-helper-0:4.0.4.4-0.1.el7ev.noarch | — | | Vendor Fix |
| Unresolved product id: 7Server-RHEV-S-4.0:ovirt-engine-webadmin-portal-0:4.0.4.4-0.1.el7ev.noarch | — | | Vendor Fix |
| Unresolved product id: 7Server-RHEV-S-4.0:ovirt-engine-webadmin-portal-debuginfo-0:4.0.4.4-0.1.el7ev.noarch | — | | Vendor Fix |
| Unresolved product id: 7Server-RHEV-S-4.0:ovirt-engine-websocket-proxy-0:4.0.4.4-0.1.el7ev.noarch | — | | Vendor Fix |
| Unresolved product id: 7Server-RHEV-S-4.0:rhevm-0:4.0.4.4-0.1.el7ev.noarch | — | | Vendor Fix |
Threats
Impact
Moderate
References
15 references
Acknowledgments
Red Hat
Yedidyah Bar David
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for org.ovirt.engine-root is now available for RHEV Engine version 4.0.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Red Hat Virtualization Manager is a centralized management platform\nthat allows system administrators to view and manage virtual machines. The\nManager provides a comprehensive range of features including search\ncapabilities, resource management, live migrations, and virtual\ninfrastructure provisioning.\n\nThe Manager is a JBoss Application Server application that provides several\ninterfaces through which the virtual environment can be accessed and\ninteracted with, including an Administration Portal, a User Portal, and a\nRepresentational State Transfer (REST) Application Programming Interface\n(API).\n\nSecurity Fix(es):\n\n* It was found that the ovirt-engine-provisiondb utility did not correctly sanitize the authentication details used with the \"--provision*db\" options from the output before storing them in log files. This could allow an attacker with read access to these log files to obtain sensitive information such as passwords. (CVE-2016-5432)\n\nThis issue was discovered by Yedidyah Bar David (Red Hat).\n\nBug Fix(es):\n\n* Previously, when checking permissions for a CPU profile, group permissions were not considered. Users that were part of a group could not assign a CPU profile and so could not start a virtual machine. This was fixed by using PermissionDao and correct SQL functions when checking permissions, so group permissions are now considered. (BZ#1371888)\n\n* Setting only one of the thresholds for power saving/evenly distributed memory based balancing (high or low) can lead to unexpected results. For example, when in power saving load balancing the threshold for memory over utilized hosts was set with a value, and the threshold for memory under utilized hosts was undefined thus getting a default value of 0. 
All hosts were considered as under utilized hosts and were chosen as sources for migration, but no host was chosen as a destination for migration.\n\nThis has now been changed so that when the threshold for memory under utilized host is undefined, it gets a default value of Long.MAX. Now, when the threshold for memory over utilized hosts is set with a value, and the threshold for memory under utilized host is undefined, only over utilized hosts will be selected as sources for migration, and destination hosts will be hosts that are not over utilized. (BZ#1354281)\n\n* This update ensures that Quality of Service (QoS) Storage values that are sent to the VDSM service, are used by the VDSM and Memory Overcommit Manager (MoM). The result is that QoS is live-applied on virtual machines, and all MoM-related virtual machine changes are only applied when the memory ballooning device is enabled on the virtual machine. (BZ#1328731)\n\nEnhancement(s):\n\n* Previously, it was possible to install incorrect versions of virtio drivers, especially when running an older Windows operating system. This sometimes caused the guest to terminate unexpectedly with a stop error, also known as the \"Blue Screen of Death\", if the particular driver and Windows versions were incompatible. This update adds target OS version information to driver files, which enables Windows to automatically select the best driver when pointed to the root of the virtio-win CD image. Installing an incompatible driver version manually is also no longer possible, as Windows now presents the user with an error message if installation is attempted. (BZ#1328181)\n\n* With this release, Red Hat Virtualization now supports CephFS as a POSIX storage domain. (BZ#1095615)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:1967",
"url": "https://access.redhat.com/errata/RHSA-2016:1967"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1095615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1095615"
},
{
"category": "external",
"summary": "1328181",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328181"
},
{
"category": "external",
"summary": "1328731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328731"
},
{
"category": "external",
"summary": "1339660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1339660"
},
{
"category": "external",
"summary": "1354281",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1354281"
},
{
"category": "external",
"summary": "1368202",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1368202"
},
{
"category": "external",
"summary": "1371428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428"
},
{
"category": "external",
"summary": "1371888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371888"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1967.json"
}
],
"title": "Red Hat Security Advisory: org.ovirt.engine-root security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T17:57:38+00:00",
"generator": {
"date": "2025-11-21T17:57:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2016:1967",
"initial_release_date": "2016-09-28T21:02:10+00:00",
"revision_history": [
{
"date": "2016-09-28T21:02:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-09-28T21:02:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:57:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEV-M 4.0",
"product": {
"name": "RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhev_manager:4"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "ovirt-engine-userportal-0:4.0.4.4-0.1.el7ev.noarch",
"product": {
"name": "ovirt-engine-userportal-0:4.0.4.4-0.1.el7ev.noarch",
"product_id": "ovirt-engine-userportal-0:4.0.4.4-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-userportal@4.0.4.4-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-userportal-debuginfo-0:4.0.4.4-0.1.el7ev.noarch",
"product": {
"name": "ovirt-engine-userportal-debuginfo-0:4.0.4.4-0.1.el7ev.noarch",
"product_id": "ovirt-engine-userportal-debuginfo-0:4.0.4.4-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-userportal-debuginfo@4.0.4.4-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.0.4.4-0.1.el7ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.0.4.4-0.1.el7ev.noarch",
"product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.0.4.4-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.0.4.4-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dbscripts-0:4.0.4.4-0.1.el7ev.noarch",
"product": {
"name": "ovirt-engine-dbscripts-0:4.0.4.4-0.1.el7ev.noarch",
"product_id": "ovirt-engine-dbscripts-0:4.0.4.4-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.0.4.4-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.0.4.4-0.1.el7ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.0.4.4-0.1.el7ev.noarch",
"product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.0.4.4-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.0.4.4-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-websocket-proxy-0:4.0.4.4-0.1.el7ev.noarch",
"product": {
"name": "ovirt-engine-websocket-proxy-0:4.0.4.4-0.1.el7ev.noarch",
"product_id": "ovirt-engine-websocket-proxy-0:4.0.4.4-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.0.4.4-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-tools-backup-0:4.0.4.4-0.1.el7ev.noarch",
"product": {
"name": "ovirt-engine-tools-backup-0:4.0.4.4-0.1.el7ev.noarch",
"product_id": "ovirt-engine-tools-backup-0:4.0.4.4-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.0.4.4-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-lib-0:4.0.4.4-0.1.el7ev.noarch",
"product": {
"name": "ovirt-engine-lib-0:4.0.4.4-0.1.el7ev.noarch",
"product_id": "ovirt-engine-lib-0:4.0.4.4-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-lib@4.0.4.4-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-tools-0:4.0.4.4-0.1.el7ev.noarch",
"product": {
"name": "ovirt-engine-tools-0:4.0.4.4-0.1.el7ev.noarch",
"product_id": "ovirt-engine-tools-0:4.0.4.4-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-tools@4.0.4.4-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-extensions-api-impl-javadoc-0:4.0.4.4-0.1.el7ev.noarch",
"product": {
"name": "ovirt-engine-extensions-api-impl-javadoc-0:4.0.4.4-0.1.el7ev.noarch",
"product_id": "ovirt-engine-extensions-api-impl-javadoc-0:4.0.4.4-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-extensions-api-impl-javadoc@4.0.4.4-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.0.4.4-0.1.el7ev.noarch",
"product": {
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.0.4.4-0.1.el7ev.noarch",
"product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.0.4.4-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.0.4.4-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.0.4.4-0.1.el7ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.0.4.4-0.1.el7ev.noarch",
"product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.0.4.4-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.0.4.4-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-0:4.0.4.4-0.1.el7ev.noarch",
"product": {
"name": "ovirt-engine-0:4.0.4.4-0.1.el7ev.noarch",
"product_id": "ovirt-engine-0:4.0.4.4-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine@4.0.4.4-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-0:4.0.4.4-0.1.el7ev.noarch",
"product": {
"name": "ovirt-engine-setup-0:4.0.4.4-0.1.el7ev.noarch",
"product_id": "ovirt-engine-setup-0:4.0.4.4-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup@4.0.4.4-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-extensions-api-impl-0:4.0.4.4-0.1.el7ev.noarch",
"product": {
"name": "ovirt-engine-extensions-api-impl-0:4.0.4.4-0.1.el7ev.noarch",
"product_id": "ovirt-engine-extensions-api-impl-0:4.0.4.4-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-extensions-api-impl@4.0.4.4-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-webadmin-portal-debuginfo-0:4.0.4.4-0.1.el7ev.noarch",
"product": {
"name": "ovirt-engine-webadmin-portal-debuginfo-0:4.0.4.4-0.1.el7ev.noarch",
"product_id": "ovirt-engine-webadmin-portal-debuginfo-0:4.0.4.4-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal-debuginfo@4.0.4.4-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-backend-0:4.0.4.4-0.1.el7ev.noarch",
"product": {
"name": "ovirt-engine-backend-0:4.0.4.4-0.1.el7ev.noarch",
"product_id": "ovirt-engine-backend-0:4.0.4.4-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-backend@4.0.4.4-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhevm-0:4.0.4.4-0.1.el7ev.noarch",
"product": {
"name": "rhevm-0:4.0.4.4-0.1.el7ev.noarch",
"product_id": "rhevm-0:4.0.4.4-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhevm@4.0.4.4-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-base-0:4.0.4.4-0.1.el7ev.noarch",
"product": {
"name": "ovirt-engine-setup-base-0:4.0.4.4-0.1.el7ev.noarch",
"product_id": "ovirt-engine-setup-base-0:4.0.4.4-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.0.4.4-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-restapi-0:4.0.4.4-0.1.el7ev.noarch",
"product": {
"name": "ovirt-engine-restapi-0:4.0.4.4-0.1.el7ev.noarch",
"product_id": "ovirt-engine-restapi-0:4.0.4.4-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.0.4.4-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-webadmin-portal-0:4.0.4.4-0.1.el7ev.noarch",
"product": {
"name": "ovirt-engine-webadmin-portal-0:4.0.4.4-0.1.el7ev.noarch",
"product_id": "ovirt-engine-webadmin-portal-0:4.0.4.4-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.0.4.4-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.0.4.4-0.1.el7ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.0.4.4-0.1.el7ev.noarch",
"product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.0.4.4-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.0.4.4-0.1.el7ev?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "ovirt-engine-0:4.0.4.4-0.1.el7ev.src",
"product": {
"name": "ovirt-engine-0:4.0.4.4-0.1.el7ev.src",
"product_id": "ovirt-engine-0:4.0.4.4-0.1.el7ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine@4.0.4.4-0.1.el7ev?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-0:4.0.4.4-0.1.el7ev.noarch as a component of RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0:ovirt-engine-0:4.0.4.4-0.1.el7ev.noarch"
},
"product_reference": "ovirt-engine-0:4.0.4.4-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-S-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-0:4.0.4.4-0.1.el7ev.src as a component of RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0:ovirt-engine-0:4.0.4.4-0.1.el7ev.src"
},
"product_reference": "ovirt-engine-0:4.0.4.4-0.1.el7ev.src",
"relates_to_product_reference": "7Server-RHEV-S-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-backend-0:4.0.4.4-0.1.el7ev.noarch as a component of RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0:ovirt-engine-backend-0:4.0.4.4-0.1.el7ev.noarch"
},
"product_reference": "ovirt-engine-backend-0:4.0.4.4-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-S-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dbscripts-0:4.0.4.4-0.1.el7ev.noarch as a component of RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0:ovirt-engine-dbscripts-0:4.0.4.4-0.1.el7ev.noarch"
},
"product_reference": "ovirt-engine-dbscripts-0:4.0.4.4-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-S-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-extensions-api-impl-0:4.0.4.4-0.1.el7ev.noarch as a component of RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0:ovirt-engine-extensions-api-impl-0:4.0.4.4-0.1.el7ev.noarch"
},
"product_reference": "ovirt-engine-extensions-api-impl-0:4.0.4.4-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-S-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-extensions-api-impl-javadoc-0:4.0.4.4-0.1.el7ev.noarch as a component of RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0:ovirt-engine-extensions-api-impl-javadoc-0:4.0.4.4-0.1.el7ev.noarch"
},
"product_reference": "ovirt-engine-extensions-api-impl-javadoc-0:4.0.4.4-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-S-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-lib-0:4.0.4.4-0.1.el7ev.noarch as a component of RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0:ovirt-engine-lib-0:4.0.4.4-0.1.el7ev.noarch"
},
"product_reference": "ovirt-engine-lib-0:4.0.4.4-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-S-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-restapi-0:4.0.4.4-0.1.el7ev.noarch as a component of RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0:ovirt-engine-restapi-0:4.0.4.4-0.1.el7ev.noarch"
},
"product_reference": "ovirt-engine-restapi-0:4.0.4.4-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-S-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-0:4.0.4.4-0.1.el7ev.noarch as a component of RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0:ovirt-engine-setup-0:4.0.4.4-0.1.el7ev.noarch"
},
"product_reference": "ovirt-engine-setup-0:4.0.4.4-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-S-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-base-0:4.0.4.4-0.1.el7ev.noarch as a component of RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0:ovirt-engine-setup-base-0:4.0.4.4-0.1.el7ev.noarch"
},
"product_reference": "ovirt-engine-setup-base-0:4.0.4.4-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-S-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.0.4.4-0.1.el7ev.noarch as a component of RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0:ovirt-engine-setup-plugin-ovirt-engine-0:4.0.4.4-0.1.el7ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.0.4.4-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-S-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.0.4.4-0.1.el7ev.noarch as a component of RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.0.4.4-0.1.el7ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.0.4.4-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-S-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.0.4.4-0.1.el7ev.noarch as a component of RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.0.4.4-0.1.el7ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.0.4.4-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-S-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.0.4.4-0.1.el7ev.noarch as a component of RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0:ovirt-engine-setup-plugin-websocket-proxy-0:4.0.4.4-0.1.el7ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.0.4.4-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-S-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-tools-0:4.0.4.4-0.1.el7ev.noarch as a component of RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0:ovirt-engine-tools-0:4.0.4.4-0.1.el7ev.noarch"
},
"product_reference": "ovirt-engine-tools-0:4.0.4.4-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-S-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-tools-backup-0:4.0.4.4-0.1.el7ev.noarch as a component of RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0:ovirt-engine-tools-backup-0:4.0.4.4-0.1.el7ev.noarch"
},
"product_reference": "ovirt-engine-tools-backup-0:4.0.4.4-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-S-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-userportal-0:4.0.4.4-0.1.el7ev.noarch as a component of RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0:ovirt-engine-userportal-0:4.0.4.4-0.1.el7ev.noarch"
},
"product_reference": "ovirt-engine-userportal-0:4.0.4.4-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-S-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-userportal-debuginfo-0:4.0.4.4-0.1.el7ev.noarch as a component of RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0:ovirt-engine-userportal-debuginfo-0:4.0.4.4-0.1.el7ev.noarch"
},
"product_reference": "ovirt-engine-userportal-debuginfo-0:4.0.4.4-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-S-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.0.4.4-0.1.el7ev.noarch as a component of RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0:ovirt-engine-vmconsole-proxy-helper-0:4.0.4.4-0.1.el7ev.noarch"
},
"product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.0.4.4-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-S-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-webadmin-portal-0:4.0.4.4-0.1.el7ev.noarch as a component of RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0:ovirt-engine-webadmin-portal-0:4.0.4.4-0.1.el7ev.noarch"
},
"product_reference": "ovirt-engine-webadmin-portal-0:4.0.4.4-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-S-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-webadmin-portal-debuginfo-0:4.0.4.4-0.1.el7ev.noarch as a component of RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0:ovirt-engine-webadmin-portal-debuginfo-0:4.0.4.4-0.1.el7ev.noarch"
},
"product_reference": "ovirt-engine-webadmin-portal-debuginfo-0:4.0.4.4-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-S-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-websocket-proxy-0:4.0.4.4-0.1.el7ev.noarch as a component of RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0:ovirt-engine-websocket-proxy-0:4.0.4.4-0.1.el7ev.noarch"
},
"product_reference": "ovirt-engine-websocket-proxy-0:4.0.4.4-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-S-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhevm-0:4.0.4.4-0.1.el7ev.noarch as a component of RHEV-M 4.0",
"product_id": "7Server-RHEV-S-4.0:rhevm-0:4.0.4.4-0.1.el7ev.noarch"
},
"product_reference": "rhevm-0:4.0.4.4-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-S-4.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Yedidyah Bar David"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2016-5432",
"cwe": {
"id": "CWE-312",
"name": "Cleartext Storage of Sensitive Information"
},
"discovery_date": "2016-08-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1371428"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the ovirt-engine-provisiondb utility did not correctly sanitize the authentication details used with the \u201c\u2014provision*db\u201d options from the output before storing them in log files. This could allow an attacker with read access to these log files to obtain sensitive information such as passwords.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ovirt-engine: ovirt-engine-provisiondb logs contain DB username and password in plain text",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-S-4.0:ovirt-engine-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-0:4.0.4.4-0.1.el7ev.src",
"7Server-RHEV-S-4.0:ovirt-engine-backend-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-dbscripts-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-extensions-api-impl-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-extensions-api-impl-javadoc-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-lib-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-restapi-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-setup-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-setup-base-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-setup-plugin-ovirt-engine-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-setup-plugin-websocket-proxy-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-tools-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-tools-backup-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-userportal-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-userportal-debuginfo-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-vmconsole-proxy-helper-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-webadmin-portal-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-webadmin-portal-debuginfo-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-websocket-proxy-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:rhevm-0:4.0.4.4-0.1.el7ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5432"
},
{
"category": "external",
"summary": "RHBZ#1371428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371428"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5432",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5432"
}
],
"release_date": "2016-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-28T21:02:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHEV-S-4.0:ovirt-engine-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-0:4.0.4.4-0.1.el7ev.src",
"7Server-RHEV-S-4.0:ovirt-engine-backend-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-dbscripts-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-extensions-api-impl-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-extensions-api-impl-javadoc-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-lib-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-restapi-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-setup-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-setup-base-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-setup-plugin-ovirt-engine-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-setup-plugin-websocket-proxy-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-tools-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-tools-backup-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-userportal-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-userportal-debuginfo-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-vmconsole-proxy-helper-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-webadmin-portal-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-webadmin-portal-debuginfo-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-websocket-proxy-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:rhevm-0:4.0.4.4-0.1.el7ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1967"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RHEV-S-4.0:ovirt-engine-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-0:4.0.4.4-0.1.el7ev.src",
"7Server-RHEV-S-4.0:ovirt-engine-backend-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-dbscripts-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-extensions-api-impl-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-extensions-api-impl-javadoc-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-lib-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-restapi-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-setup-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-setup-base-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-setup-plugin-ovirt-engine-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-setup-plugin-websocket-proxy-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-tools-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-tools-backup-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-userportal-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-userportal-debuginfo-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-vmconsole-proxy-helper-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-webadmin-portal-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-webadmin-portal-debuginfo-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:ovirt-engine-websocket-proxy-0:4.0.4.4-0.1.el7ev.noarch",
"7Server-RHEV-S-4.0:rhevm-0:4.0.4.4-0.1.el7ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ovirt-engine: ovirt-engine-provisiondb logs contain DB username and password in plain text"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.