CVE-2015-1841

CWE-178 documents5 sources

Severity

3.7LOW

EPSS

0.1%

top 83.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Virtualization

Timeline

PublishedSep 8

Latest updateMay 17

Description

The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view.

CVSS vector

AV:L/AC:H/C:P/I:P/A:PExploitability: 1.9 | Impact: 6.4

Affected Packages1 packages

▶NVDredhat/enterprise_virtualization3.0

🔴Vulnerability Details

GHSA

GHSA-hf5q-rvmp-xhfh: The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in t↗2022-05-17

▶

CVEList

CVE-2015-1841: The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in t↗2015-09-08

▶

📋Vendor Advisories

Red Hat

RHEV-M: webadmin automatic logout fails if VM is selected↗2015-03-26

▶

💬Community

Bugzilla

CVE-2015-1302 chromium-browser: information leak in PDF viewer↗2015-11-11

▶

Bugzilla

CVE-2015-1303 chromium-browser: Cross-origin bypass in DOM↗2015-09-25

▶

Bugzilla

CVE-2015-1304 chromium-browser: Cross-origin bypass in V8↗2015-09-25

▶

Bugzilla

CVE-2015-1841 RHEV-M: webadmin automatic logout fails if VM is selected↗2015-03-26

▶