CVE-2012-0860

CWE-377 · 5 documents · 5 sources
Severity
6.2 MEDIUM
EPSS
0.1%
top 82.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 4
Latest update: May 17

Description

Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/.

CVSS vector

AV:L/AC:H/C:C/I:C/A:C
Exploitability: 1.9 | Impact: 10.0

Affected Packages: 1 package

🔴Vulnerability Details

2
GHSA
GHSA-4mjh-cm44-g6gj: Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3 (2022-05-17)
CVEList
CVE-2012-0860: Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3 (2013-01-04)

📋Vendor Advisories

1
Red Hat
rhev: vds_installer insecure /tmp use (2012-12-04)

💬Community

1
Bugzilla
CVE-2012-0860 rhev: vds_installer insecure /tmp use (2012-02-15)
CVE-2012-0860 (MEDIUM CVSS 6.2) | Multiple untrusted search path vuln | cvebase.io