CVE-2012-6115

CWE-2555 documents5 sources
Severity
2.1LOW
EPSS
0.1%
top 80.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Enterprise Virtualization Manager
Timeline
PublishedMar 12
Latest updateMay 17

Description

The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-v9rq-qgv5-9mqc: The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 32022-05-17
CVEList
CVE-2012-6115: The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 32013-03-12

📋Vendor Advisories

1
Red Hat
rhev: rhevm-manage-domains logs admin passwords2012-12-17

💬Community

1
Bugzilla
CVE-2012-6115 rhev: rhevm-manage-domains logs admin passwords2013-01-30
CVE-2012-6115 (LOW CVSS 2.1) | The domain management tool (rhevm-m | cvebase.io