First published: Thu Apr 26 2018
The ovirt-engine API and administration web portal before versions 4.2.2.5 and 4.1.11.2 are vulnerable to an exposure of Power Management credentials, including cleartext passwords, to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Ovirt Ovirt | <=4.1.11.1 | |
Redhat Enterprise Virtualization | =4.0 | |
CVE-2018-1074 is a vulnerability in the ovirt-engine API and administration web portal that exposes Power Management credentials, including cleartext passwords, to Host Administrators.
The severity of CVE-2018-1074 is high with a severity value of 7.2.
Versions of the ovirt-engine API and administration web portal before 4.2.2.5 and 4.1.11.2 are affected.
A Host Administrator can exploit CVE-2018-1074 to gain access to the power management systems of hosts and view Power Management credentials, including cleartext passwords.
The fix for CVE-2018-1074 is available in versions 4.2.2.5 and 4.1.11.2 of the ovirt-engine API and administration web portal.