CVE-2016-6338

Published: 20/04/2017 Updated: 12/02/2023
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.8 | Impact Score: 5.9 | Exploitability Score: 0.9
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate malicious users to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries.

Vulnerable Product

redhat enterprise virtualization 4.0

Vendor Advisories

Synopsis: Low: org.ovirt.engine-root security, bug fix, and enhancement update. Type/Severity: Security Advisory: Low. Topic: An update for org.ovirt.engine-root is now available for Red Hat Virtualization Manager version 4.1. Red Hat Product Security has rated this update as having a security impact of Low. A Co ...
It was discovered that the ovirt-engine webadmin session would not properly enforce timeouts. Browser sessions would remain logged in beyond the administratively configured session timeout period ...