The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) prior to 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat enterprise virtualization manager |
||
redhat enterprise virtualization manager 2.2.3 |
||
redhat enterprise virtualization manager 2.2 |
||
redhat enterprise virtualization manager 2.1 |