The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file.
2013-03-12T23:55:01.637
2025-04-11T00:51:21.963
Deferred
CVSSv2: 2.1 (LOW)
AV:L/AC:L/Au:N/C:P/I:N/A:N
3.9
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | redhat | enterprise_virtualization_manager | ≤ 3.1 | Yes |
| Application | redhat | enterprise_virtualization_manager | 2.1 | Yes |
| Application | redhat | enterprise_virtualization_manager | 2.2 | Yes |
| Application | redhat | enterprise_virtualization_manager | 2.2.3 | Yes |
| Application | redhat | enterprise_virtualization_manager | 3.0 | Yes |