CVE-2015-0237

CWE-264 CWE-732 — Incorrect Permission Assignment5 documents5 sources

Severity

6.8MEDIUM

EPSS

0.4%

top 38.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Virtualization Manager

Timeline

PublishedMay 1

Latest updateMay 17

Description

Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 8.0 | Impact: 6.9

Affected Packages1 packages

▶NVDredhat/enterprise_virtualization_manager3.5.0

🔴Vulnerability Details

GHSA

GHSA-w75w-f8r5-wc7w: Red Hat Enterprise Virtualization (RHEV) Manager before 3↗2022-05-17

▶

CVEList

CVE-2015-0237: Red Hat Enterprise Virtualization (RHEV) Manager before 3↗2015-05-01

▶

📋Vendor Advisories

Red Hat

vdsm: Users attempting a live storage migration create snapshot without snapshot creation permissions↗2015-02-04

▶

💬Community

Bugzilla

CVE-2015-0237 vdsm: Users attempting a live storage migration create snapshot without snapshot creation permissions↗2015-01-22

▶