Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-7544

redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment.

Published

2017-09-25T21:29:00.773

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 9.1 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.0

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-74
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application redhat enterprise_virtualization_manager 3.4 Yes
Application redhat enterprise_virtualization_manager 3.4.1 Yes
Application redhat enterprise_virtualization_manager 3.5.0 Yes
References