CVE-2018-1074
HIGHovirt-engine < 4.2.2.5 and 4.1.11.1 - Insufficiently Protected Power Management Credentials
Title source: llmDescription
ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.
References (2)
Core 2
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1074
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHBA-2018:1219
Scores
CVSS v3
7.7
EPSS
0.0150
EPSS Percentile
70.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Details
CWE
CWE-200
CWE-522
Status
published
Products (2)
ovirt/ovirt
< 4.1.11.1
redhat/enterprise_virtualization
4.0
Published
Apr 26, 2018
Tracked Since
Feb 18, 2026