VIR Vulnerability Intelligence Relay

CVE-2016-5432

low
Published 2016-10-03 · Modified 2026-05-06
CVSS v3
3.3
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v2
2.1
VIR risk
3.3

Description

The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.

Predictions

Exploit likelihood
34%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://bugzilla.redhat.com/show_bug.cgi?id=1371428

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2016-1967.html

OS impact
OSVersionStatusFixed in
redhat rhel7.0not-affected

Application impact
VendorProductVersionsFixed
redhatenterprise_virtualization4.0

References

CWEs

CWE-532

Verify integrity in audit chain (admin only). AS-IS.