CVE Vulnerabilities

CVE-2014-0199

Published: May 29, 2014 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V3
Ubuntu

The setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports (rhevm-reports) package before 3.3.3, stores the reports database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file.

Affected Software

Name Vendor Start Version End Version
Rhevm-reports Redhat * 3.3 (including)
Rhevm-reports Redhat 3.0 (including) 3.0 (including)
Rhevm-reports Redhat 3.1 (including) 3.1 (including)
Rhevm-reports Redhat 3.2 (including) 3.2 (including)
RHEV Manager version 3.3 RedHat ovirt_engine_reports-root-0:3.3.3-1 *

References