CVE-2016-4443

CWE-532Log File Information Exposure5 documents5 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 85.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Enterprise Virtualization
Timeline
PublishedDec 14
Latest updateMay 17

Description

Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

Patches

Patch: rhn.redhat.comPatch: rhn.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-crrm-jp94-w9fv: Red Hat Enterprise Virtualization (RHEV) Manager 32022-05-17
CVEList
CVE-2016-4443: Red Hat Enterprise Virtualization (RHEV) Manager 32016-12-14

📋Vendor Advisories

1
Red Hat
org.ovirt.engine-root: engine-setup logs contained information for extracting admin password2016-09-02

💬Community

1
Bugzilla
CVE-2016-4443 org.ovirt.engine-root: engine-setup logs contained information for extracting admin password2016-05-11
CVE-2016-4443 (MEDIUM CVSS 5.5) | Red Hat Enterprise Virtualization ( | cvebase.io