CVE-2017-15113 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.2 HIGH	LOCAL	HIGH	HIGH	CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
redhat	CNA	7.2 HIGH	LOCAL	HIGH	HIGH	CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 42%

Vendor	Product	Version
ovirt	ovirt	𝑥 < 4.1.7.6
redhat	virtualization	4.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
CWE-532 - Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References

http://www.securityfocus.com/bid/101933

https://access.redhat.com/errata/RHEA-2017:3138

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15113

https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git%3Ba=commitdiff%3Bh=f4a5d0cc772127dbfe40789e26c4633ceea07d14%3Bhp=e6e8704ac9eb115624ff66e2965877d8e63a45f4

http://www.securityfocus.com/bid/101933

https://access.redhat.com/errata/RHEA-2017:3138

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15113

https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git%3Ba=commitdiff%3Bh=f4a5d0cc772127dbfe40789e26c4633ceea07d14%3Bhp=e6e8704ac9eb115624ff66e2965877d8e63a45f4