Lucene search
Veracode Vulnerability DatabaseVERACODE:11972HistoryJan 15, 2019 - 9:10 a.m.
Remote Code Execution (RCE)
2019-01-1509:10:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
EPSS
0.001
Percentile
49.8%
redhat-support-plugin-rhev is vulnerable to remote code execution. It was found that redhat-support-plugin-rhev passed a user-specified path and file name directly to the command line in the log viewer component. This could allow users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment.
References
access.redhat.com/errata/RHSA-2016:0426
access.redhat.com/security/cve/CVE-2015-7544
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1138310
bugzilla.redhat.com/show_bug.cgi?id=1173074
bugzilla.redhat.com/show_bug.cgi?id=1269588
rhn.redhat.com/errata/RHSA-2016-0426.html
Related
cve
cve
CVE-2015-7544
2017-09-25 21:29:00
nvd
nvd
CVE-2015-7544
2017-09-25 21:29:00
prion
prion
Command injection
2017-09-25 21:29:00
nessus
nessus
RHEL 6 : redhat-support-plugin-rhev (RHSA-2016:0426)
2016-03-11 00:00:00
redhat
redhat
cvelist
cvelist
CVE-2015-7544
2017-09-25 21:00:00