CVE-2012-2696
low
CVSS v3
—
CVSS v2
2.7
VIR risk
2.7
Description
The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2012-1506.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| redhat | enterprise_virtualization_manager | {"endIncluding":"3.0"} | |
| redhat | enterprise_virtualization_manager | 2.1 | |
| redhat | enterprise_virtualization_manager | 2.2 | |
| redhat | enterprise_virtualization_manager | 2.2.3 | |
References
- http://rhn.redhat.com/errata/RHSA-2012-1506.html
- http://www.securityfocus.com/bid/56825
- http://www.securitytracker.com/id?1027838
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80545
- http://rhn.redhat.com/errata/RHSA-2012-1506.html
- http://www.securityfocus.com/bid/56825
- http://www.securitytracker.com/id?1027838
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80545
CWEs
CWE-264
Verify integrity in audit chain (admin only). AS-IS.