The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) prior to 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat enterprise virtualization manager |