CVE-2013-0168

CWE-2645 documents5 sources

Severity

4.0MEDIUM

EPSS

0.6%

top 31.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Virtualization Manager

Timeline

PublishedMar 12

Latest updateMay 5

Description

The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/enterprise_virtualization_manager3.1+4

🔴Vulnerability Details

GHSA

GHSA-cw86-5m65-cvg3: The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3↗2022-05-05

▶

CVEList

CVE-2013-0168: The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3↗2013-03-12

▶

📋Vendor Advisories

Red Hat

rhev-m: insufficient MoveDisk target domain permission checks↗2013-02-04

▶

💬Community

Bugzilla

CVE-2013-0168 rhev-m: insufficient MoveDisk target domain permission checks↗2013-01-09

▶