CVE-2015-5201

CWE-306Missing AuthenticationCWE-20Improper Input Validation5 documents5 sources
Severity
7.5HIGH
EPSS
0.5%
top 35.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Redhat Enterprise VirtualizationRedhat Enterprise Virtualization HypervisorRedhat Enterprise Virtualization Hypervisor (aka Rhev-h)
Timeline
PublishedFeb 25
Latest updateMay 24

Description

VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5redhat/enterprise_virtualization_hypervisor_(aka_rhev-h)7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0
NVDredhat/enterprise_virtualization_hypervisor6-6.06-6.7-20151117.0+1

🔴Vulnerability Details

2
GHSA
GHSA-2896-6gvq-8vjr: VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-72022-05-24
CVEList
CVE-2015-5201: VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-72020-02-25

📋Vendor Advisories

1
Red Hat
RHEV: vdsm spice disable-ticketing and VM suspend and restore allows auth bypass2015-09-15

💬Community

1
Bugzilla
CVE-2015-5201 RHEV: vdsm spice disable-ticketing and VM suspend and restore allows auth bypass2015-08-15
CVE-2015-5201 (HIGH CVSS 7.5) | VDSM and libvirt in Red Hat Enterpr | cvebase.io