CVE-2011-4316

2013-01-0422:55:01

CWE-264

[email protected]

web.nvd.nist.gov

cve-2011-4316

red hat enterprise virtualization manager

rhev-m

spice sessions

desktop screen

security vulnerability

local users

3.7 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users’ desktop sessions via unspecified vectors.

Affected configurations

NVD

Node

redhatenterprise_virtualization_managerRange≤3.0

redhatenterprise_virtualization_managerMatch2.1

redhatenterprise_virtualization_managerMatch2.2

redhatenterprise_virtualization_managerMatch2.2.3

CPENameOperatorVersion
redhat:enterprise_virtualization_managerredhat enterprise virtualization managerle3.0
redhat:enterprise_virtualization_managerredhat enterprise virtualization managereq2.1
redhat:enterprise_virtualization_managerredhat enterprise virtualization managereq2.2
redhat:enterprise_virtualization_managerredhat enterprise virtualization managereq2.2.3

CPE	Name	Operator	Version
redhat:enterprise_virtualization_manager	redhat enterprise virtualization manager	le	3.0
redhat:enterprise_virtualization_manager	redhat enterprise virtualization manager	eq	2.1
redhat:enterprise_virtualization_manager	redhat enterprise virtualization manager	eq	2.2
redhat:enterprise_virtualization_manager	redhat enterprise virtualization manager	eq	2.2.3