CVE-2016-5432

CWE-532 — Log File Information Exposure CWE-312 — Cleartext Storage of Sensitive Info5 documents5 sources

Severity

3.3LOW

EPSS

0.1%

top 66.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Virtualization

Timeline

PublishedOct 3

Latest updateMay 17

Description

The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages1 packages

▶NVDredhat/enterprise_virtualization4.0

Patches

Patch: bugzilla.redhat.com ↗Patch: gerrit.ovirt.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-8pc7-rggg-xw6r: The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4↗2022-05-17

▶

CVEList

CVE-2016-5432: The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4↗2016-10-03

▶

📋Vendor Advisories

Red Hat

ovirt-engine: ovirt-engine-provisiondb logs contain DB username and password in plain text↗2016-08-30

▶

💬Community

Bugzilla

CVE-2016-5432 ovirt-engine: ovirt-engine-provisiondb logs contain DB username and password in plain text↗2016-08-30

▶