Vulnerabilities > CVE-2019-17195 - Improper Handling of Exceptional Conditions vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
connect2id
apache
oracle
CWE-755
critical
nessus
NVD
Published: 2019-10-15
Updated: 2023-11-07

Summary

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.

Vulnerable Configurations

Part Description Count
Application
Connect2Id
184
Application
Apache
1
Application
Oracle
56

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1308.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1308 advisory. - apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086) - nimbus-jose-jwt: Uncaught exceptions while parsing a JWT (CVE-2019-17195) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-02
    plugin id135185
    published2020-04-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135185
    titleRHEL 7 : Red Hat Virtualization Engine security, bug fix 4.3.9 (Low) (RHSA-2020:1308)
    code
    #
# (C) Tenable Network Security, Inc.
#

# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2020:1308. The text
# itself is copyright (C) Red Hat, Inc.
#


include('compat.inc');

if (description)
{
  script_id(135185);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/21");

  script_cve_id("CVE-2019-10086", "CVE-2019-17195");
  script_xref(name:"RHSA", value:"2020:1308");

  script_name(english:"RHEL 7 : Red Hat Virtualization Engine security, bug fix 4.3.9 (Low) (RHSA-2020:1308)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2020:1308 advisory.

  - apache-commons-beanutils: does not suppresses the class
    property in PropertyUtilsBean by default
    (CVE-2019-10086)

  - nimbus-jose-jwt: Uncaught exceptions while parsing a JWT
    (CVE-2019-17195)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/502.html");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1308");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-10086");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-17195");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1752522");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1789737");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1792874");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1797496");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1801310");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1808038");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1808607");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1809470");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1810527");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10086");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(248, 502);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhev_manager:4.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::hypervisor");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-beanutils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-beanutils-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-backend");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-dbscripts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-extension-aaa-misc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-extensions-api-impl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-extensions-api-impl-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-health-check-bundler");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-restapi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-cinderlib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-ovirt-engine");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-ovirt-engine-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-vmconsole-proxy-helper");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-websocket-proxy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-tools-backup");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-vmconsole-proxy-helper");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-webadmin-portal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-websocket-proxy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-fast-forward-upgrade");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python2-ovirt-engine-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhvm-dependencies");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item('Host/RedHat/release');
if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

pkgs = [
    {'reference':'apache-commons-beanutils-1.8.3-15.el7_7', 'release':'7'},
    {'reference':'apache-commons-beanutils-javadoc-1.8.3-15.el7_7', 'release':'7'},
    {'reference':'ovirt-engine-4.3.9.3-0.1.el7', 'release':'7'},
    {'reference':'ovirt-engine-backend-4.3.9.3-0.1.el7', 'release':'7'},
    {'reference':'ovirt-engine-dbscripts-4.3.9.3-0.1.el7', 'release':'7'},
    {'reference':'ovirt-engine-extension-aaa-misc-1.0.4-1.el7ev', 'release':'7', 'el_string':'el7ev', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ovirt-engine-extensions-api-impl-4.3.9.3-0.1.el7', 'release':'7'},
    {'reference':'ovirt-engine-extensions-api-impl-javadoc-4.3.9.3-0.1.el7', 'release':'7'},
    {'reference':'ovirt-engine-health-check-bundler-4.3.9.3-0.1.el7', 'release':'7'},
    {'reference':'ovirt-engine-restapi-4.3.9.3-0.1.el7', 'release':'7'},
    {'reference':'ovirt-engine-setup-4.3.9.3-0.1.el7', 'release':'7'},
    {'reference':'ovirt-engine-setup-base-4.3.9.3-0.1.el7', 'release':'7'},
    {'reference':'ovirt-engine-setup-plugin-cinderlib-4.3.9.3-0.1.el7', 'release':'7'},
    {'reference':'ovirt-engine-setup-plugin-ovirt-engine-4.3.9.3-0.1.el7', 'release':'7'},
    {'reference':'ovirt-engine-setup-plugin-ovirt-engine-common-4.3.9.3-0.1.el7', 'release':'7'},
    {'reference':'ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.3.9.3-0.1.el7', 'release':'7'},
    {'reference':'ovirt-engine-setup-plugin-websocket-proxy-4.3.9.3-0.1.el7', 'release':'7'},
    {'reference':'ovirt-engine-tools-4.3.9.3-0.1.el7', 'release':'7'},
    {'reference':'ovirt-engine-tools-backup-4.3.9.3-0.1.el7', 'release':'7'},
    {'reference':'ovirt-engine-vmconsole-proxy-helper-4.3.9.3-0.1.el7', 'release':'7'},
    {'reference':'ovirt-engine-webadmin-portal-4.3.9.3-0.1.el7', 'release':'7'},
    {'reference':'ovirt-engine-websocket-proxy-4.3.9.3-0.1.el7', 'release':'7'},
    {'reference':'ovirt-fast-forward-upgrade-1.0.0-17.el7ev', 'release':'7', 'el_string':'el7ev', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'python2-ovirt-engine-lib-4.3.9.3-0.1.el7', 'release':'7'},
    {'reference':'rhvm-4.3.9.3-0.1.el7', 'release':'7'},
    {'reference':'rhvm-dependencies-4.3.2-1.el7ev', 'release':'7', 'el_string':'el7ev', 'rpm_spec_vers_cmp':TRUE}
];

flag = 0;
foreach package_array ( pkgs ) {
  reference = NULL;
  release = NULL;
  sp = NULL;
  cpu = NULL;
  el_string = NULL;
  rpm_spec_vers_cmp = NULL;
  epoch = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (reference && release) {
    if (rpm_spec_vers_cmp) {
      if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;
    }
    else
    {
      if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;
    }
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache-commons-beanutils / apache-commons-beanutils-javadoc / ovirt-engine / etc');
}
  • NASL familyCGI abuses
    NASL idORACLE_PRIMAVERA_GATEWAY_CPU_APR_2020.NASL
    descriptionThe version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by the following vulnerabilities as referenced in the April 2020 CPU advisory: - In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. However, this characteristic of the PropertyUtilsBean was not used by default. (CVE-2019-10086) - The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress. (CVE-2019-12402) - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling. (CVE-2019-16943) - Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass. (CVE-2019-17195) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-08
    modified2020-04-15
    plugin id135583
    published2020-04-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135583
    titleOracle Primavera Gateway (Apr 2020 CPU)
    code
    #
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(135583);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/06");

  script_cve_id(
    "CVE-2019-10086",
    "CVE-2019-12402",
    "CVE-2019-16942",
    "CVE-2019-16943",
    "CVE-2019-17195",
    "CVE-2019-17531"
  );
  script_xref(name:"IAVA", value:"2020-A-0140");

  script_name(english:"Oracle Primavera Gateway (Apr 2020 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by
the following vulnerabilities as referenced in the April 2020 CPU advisory:

  - In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows
    suppressing the ability for an attacker to access the classloader via the class property available on all
    Java objects. However, this characteristic of the PropertyUtilsBean was not used by default.
    (CVE-2019-10086)

  - The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an
    infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an
    attacker can choose the file names inside of an archive created by Compress. (CVE-2019-12402)

  - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default
    Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and
    the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint
    to access, it is possible to make the service execute a malicious payload. This issue exists because of
    com.p6spy.engine.spy.P6DataSource mishandling. (CVE-2019-16943)

  - Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which
    could result in an application crash (potential information disclosure) or a potential authentication
    bypass. (CVE-2019-17195)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuapr2020.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the April 2020 Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-16943");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/15");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:oracle:primavera_gateway");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_primavera_gateway.nbin");
  script_require_keys("installed_sw/Oracle Primavera Gateway");
  script_require_ports("Services/www", 8006);

  exit(0);
}

include('http.inc');
include('vcf.inc');

get_install_count(app_name:'Oracle Primavera Gateway', exit_if_zero:TRUE);

port = get_http_port(default:8006);

app_info = vcf::get_app_info(app:'Oracle Primavera Gateway', port:port);

vcf::check_granularity(app_info:app_info, sig_segments:2);

constraints = [
  { 'min_version' : '16.2.0',
    'max_version' : '16.2.11',
    'fixed_display' : 'Upgrade to the latest version or contact customer support for more information.'
  },
  { 'min_version' : '17.12.0', 'fixed_version' : '17.12.7' },
  { 'min_version' : '18.8.0',  'fixed_version' : '18.8.8.9' },
  { 'min_version' : '19.12.0', 'fixed_version' : '19.12.4' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

Redhat

rpms
  • apache-commons-beanutils-0:1.8.3-15.el7_7
  • apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7
  • ovirt-engine-0:4.3.9.3-0.1.el7
  • ovirt-engine-backend-0:4.3.9.3-0.1.el7
  • ovirt-engine-dbscripts-0:4.3.9.3-0.1.el7
  • ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev
  • ovirt-engine-extensions-api-impl-0:4.3.9.3-0.1.el7
  • ovirt-engine-extensions-api-impl-javadoc-0:4.3.9.3-0.1.el7
  • ovirt-engine-health-check-bundler-0:4.3.9.3-0.1.el7
  • ovirt-engine-restapi-0:4.3.9.3-0.1.el7
  • ovirt-engine-setup-0:4.3.9.3-0.1.el7
  • ovirt-engine-setup-base-0:4.3.9.3-0.1.el7
  • ovirt-engine-setup-plugin-cinderlib-0:4.3.9.3-0.1.el7
  • ovirt-engine-setup-plugin-ovirt-engine-0:4.3.9.3-0.1.el7
  • ovirt-engine-setup-plugin-ovirt-engine-common-0:4.3.9.3-0.1.el7
  • ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7
  • ovirt-engine-setup-plugin-websocket-proxy-0:4.3.9.3-0.1.el7
  • ovirt-engine-tools-0:4.3.9.3-0.1.el7
  • ovirt-engine-tools-backup-0:4.3.9.3-0.1.el7
  • ovirt-engine-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7
  • ovirt-engine-webadmin-portal-0:4.3.9.3-0.1.el7
  • ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev
  • python2-ovirt-engine-lib-0:4.3.9.3-0.1.el7
  • rhvm-0:4.3.9.3-0.1.el7
  • rhvm-dependencies-0:4.3.2-1.el7ev

References