CVE-2012-2696

CWE-2645 documents5 sources
Severity
2.7LOW
EPSS
0.1%
top 65.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Enterprise Virtualization Manager
Timeline
PublishedJan 4
Latest updateMay 17

Description

The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request.

CVSS vector

AV:A/AC:L/C:P/I:N/A:NExploitability: 5.1 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-4pfr-fjxw-j2c5: The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 32022-05-17
CVEList
CVE-2012-2696: The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 32013-01-04

📋Vendor Advisories

1
Red Hat
rhev: backend allows unprivileged queries2012-12-04

💬Community

1
Bugzilla
CVE-2012-2696 rhev: backend allows unprivileged queries2012-06-13
CVE-2012-2696 (LOW CVSS 2.7) | The backend in Red Hat Enterprise V | cvebase.io