CVE-2014-3561

Sažetak

The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes.

Reference

http://rhn.redhat.com/errata/RHSA-2014-1947.html
http://www.securitytracker.com/id/1031291
https://exchange.xforce.ibmcloud.com/vulnerabilities/99096

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

13-02-2023 - 00:40

Objavljeno

05-12-2014 - 16:59