Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Red Hat Enterprise Virtualization Manager 信息泄露漏洞
Vulnerability Description
Red Hat Enterprise Virtualization Manager(RHEV-M)是美国红帽(Red Hat)公司的一款用于RHEV(企业虚拟化平台)的控制中心组件。该组件包含KVM工具,提供虚拟化管理功能。 Red Hat Enterprise Virtualization Manager 3.4版本存在信息泄露漏洞,该漏洞源于程序调用sosreport时,在命令行中使用PostgreSQL数据库密码。本地攻击者可通过监控进程列表利用该漏洞获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A