Description
ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/92666
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:3427
Exploit, Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1369285
Scores
CVSS v3
6.8
EPSS
0.0052
EPSS Percentile
40.2%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-284
Status
published
Products (1)
redhat/enterprise_virtualization
4.0
Published
Apr 20, 2017
Tracked Since
Feb 18, 2026