CVE-2018-1074 in Ovirt and Red Hat Products
Published on April 26, 2018
ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2018-1074 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2018-1074
stack.watch emails you whenever new vulnerabilities are published in Ovirt or Red Hat Enterprise Virtualization. Just hit a watch button to start following.
Affected Versions
unspecified ovirt-engine:- Version ovirt-engine 4.2.2.5 is affected.
- Version ovirt-engine 4.1.11.2 is affected.
Exploit Probability
EPSS
0.25%
Percentile
47.91%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.