redhat-support-plugin-rhev is vulnerable to remote code execution. It was found that redhat-support-plugin-rhev passed a user-specified path and file name directly to the command line in the log viewer component. This could allow users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment.
access.redhat.com/errata/RHSA-2016:0426
access.redhat.com/security/cve/CVE-2015-7544
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1138310
bugzilla.redhat.com/show_bug.cgi?id=1173074
bugzilla.redhat.com/show_bug.cgi?id=1269588
rhn.redhat.com/errata/RHSA-2016-0426.html