CVE-2016-4443

MEDIUM

Red Hat Enterprise Virtualization (RHEV) Manager 3.6 - Info Disclosure

Title source: llm

Description

Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.

References (4)

[Mitigation, Patch, Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-1929.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92751

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036863

[Issue Tracking, VDB Entry, Vendor Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1335106

Scores

CVSS v3 5.5

EPSS 0.0005

EPSS Percentile 14.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-532

Status published

Affected Products (2)

redhat/enterprise_virtualization

n/a/n/a

Timeline

Published Dec 14, 2016

Tracked Since Feb 18, 2026