CVE-2016-7062 - Credentials Management vulnerability in Redhat Storage Console and Storage Console Node

CVSS 7.8 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: local, low complexity, redhat, CWE-255

Summary

rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.

Vulnerable Configurations

Part: Application
Description: Redhat
Count: 2

Common Weakness Enumeration (CWE)

Redhat

advisories
rhsa
id: RHSA-2016:2082
rpms:
  • carbon-selinux-0:0.0.45-1.el7scon
  • ceph-ansible-0:1.0.5-34.el7scon
  • ceph-installer-0:1.0.15-2.el7scon
  • rhscon-agent-0:0.0.19-1.el7scon
  • rhscon-ceph-0:0.0.43-1.el7scon
  • rhscon-ceph-debuginfo-0:0.0.43-1.el7scon
  • rhscon-core-0:0.0.45-1.el7scon
  • rhscon-core-debuginfo-0:0.0.45-1.el7scon
  • rhscon-core-selinux-0:0.0.45-1.el7scon
  • rhscon-ui-0:0.0.60-1.el7scon
  • salt-selinux-0:0.0.45-1.el7scon