CVE-2016-6338

MEDIUM

ovirt-engine-webadmin - Privilege Escalation

Title source: llm
STIX 2.1

Description

ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92666
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:3427
Exploit, Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1369285

Scores

CVSS v3 6.8
EPSS 0.0052
EPSS Percentile 40.2%
Attack Vector PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-284
Status published
Products (1)
redhat/enterprise_virtualization 4.0
Published Apr 20, 2017
Tracked Since Feb 18, 2026