CVE-2018-1074 in Ovirt and Red Hat Products
Published on April 26, 2018
ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2018-1074 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2018-1074
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-1074 are published in these products:
Affected Versions
unspecified ovirt-engine:- Version ovirt-engine 4.2.2.5 is affected.
- Version ovirt-engine 4.1.11.2 is affected.
Exploit Probability
EPSS
0.25%
Percentile
47.87%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.