Lucene search

[email protected]CVE-2016-5432

HistoryOct 03, 2016 - 6:59 p.m.

CVE-2016-5432

2016-10-0318:59:00

CWE-532

[email protected]

web.nvd.nist.gov

cve-2016-5432

ovirt-engine-provisiondb

red hat enterprise virtualization

rhev

database

log files

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

3.7 Low

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.

CPENameOperatorVersion
redhat:enterprise_virtualizationredhat enterprise virtualizationeq4.0

CPE	Name	Operator	Version
redhat:enterprise_virtualization	redhat enterprise virtualization	eq	4.0

References

rhn.redhat.com/errata/RHSA-2016-1967.html

www.securityfocus.com/bid/92694

bugzilla.redhat.com/show_bug.cgi?id=1371428

gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

3.7 Low

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2016-5432

nessus1 redhat1 prion1 redhatcve1