CVE-2015-0257

Status: Modified
Last modified: 12-02-2023
Published: 01-05-2015
2.1

SUMMARY CVE-2015-0257

Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory.

Access CVSS CVE-2015-0257

Attack Complexity Attack Vector Privileges Required Scope User Interaction
LOW LOCAL NONE - -

Impact CVSS CVE-2015-0257

Confidentiality Integrity Availability
PARTIAL NONE NONE

Details CVE-2015-0257

EPSS 0.00042
EPSS % 0.05047
References
CWE CWE-264
Vulnerable Configurations
  • cpe:2.3:a:redhat:enterprise_virtualization_manager:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:enterprise_virtualization_manager:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:enterprise_virtualization_manager:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:enterprise_virtualization_manager:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:enterprise_virtualization_manager:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:enterprise_virtualization_manager:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:enterprise_virtualization_manager:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:enterprise_virtualization_manager:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:enterprise_virtualization_manager:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:enterprise_virtualization_manager:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:enterprise_virtualization_manager:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:enterprise_virtualization_manager:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:enterprise_virtualization_manager:3.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:enterprise_virtualization_manager:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:enterprise_virtualization_manager:3.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:enterprise_virtualization_manager:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:enterprise_virtualization_manager:3.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:enterprise_virtualization_manager:3.5.0:*:*:*:*:*:*:*

ATOM RSS Feed Link for CVE Vulnerabilities

CVE Data Propulsed by AKAOMA CyberSecurity