Описание
Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.2.4 (включая)
Одно из
cpe:2.3:a:redhat:cloudforms_3.0_management_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:cloudforms_3.0_management_engine:5.2.3.2:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00131
Низкий
4.9 Medium
CVSS2
Дефекты
CWE-255
Связанные уязвимости
redhat
больше 11 лет назад
Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file.
github
больше 3 лет назад
Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file.
EPSS
Процентиль: 33%
0.00131
Низкий
4.9 Medium
CVSS2
Дефекты
CWE-255