CVE-2014-3561

The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
redhatenterprise_virtualization
3.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2014-1947.html
http://www.securitytracker.com/id/1031291
https://exchange.xforce.ibmcloud.com/vulnerabilities/99096
http://rhn.redhat.com/errata/RHSA-2014-1947.html
http://www.securitytracker.com/id/1031291
https://exchange.xforce.ibmcloud.com/vulnerabilities/99096