CVE-2015-7544

CWE-74 CWE-20 — Improper Input Validation5 documents5 sources

Severity

9.1CRITICAL

EPSS

0.9%

top 23.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Virtualization Manager

Timeline

PublishedSep 25

Latest updateMay 17

Description

redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages1 packages

▶NVDredhat/enterprise_virtualization_manager3.4, 3.4.1, 3.5.0+2

🔴Vulnerability Details

GHSA

GHSA-w3v3-p323-g553: redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3↗2022-05-17

▶

CVEList

CVE-2015-7544: redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3↗2017-09-25

▶

📋Vendor Advisories

Red Hat

redhat-support-plugin-rhev: Remote code execution by SuperUser role on hosts in RHEV↗2015-12-07

▶

💬Community

Bugzilla

CVE-2015-7544 redhat-support-plugin-rhev: Remote code execution by SuperUser role on hosts in RHEV↗2015-10-07

▶