Vulnerabilities > Redhat > Enterprise Virtualization Manager > 2.2

DATE CVE VULNERABILITY TITLE RISK
2019-11-09 CVE-2009-3552 Improper Certificate Validation vulnerability in Redhat Enterprise Virtualization Manager 2.2
In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager.
Risk: 2.9

2017-08-24 CVE-2015-5293 Improper Access Control vulnerability in Redhat Enterprise Virtualization Manager
Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable.
Risk: 4.3 (network, redhat CWE-284)

2013-07-03 CVE-2013-2144 Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization Manager
Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space consumption) by cloning a VM from a snapshot.
Risk: 5.0 (network, low complexity, redhat CWE-264)

2013-03-12 CVE-2013-0168 Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization Manager
The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors.
Risk: 4.0 (network, low complexity, redhat CWE-264)

2013-01-04 CVE-2012-5516 Information Exposure vulnerability in Redhat Enterprise Virtualization Manager
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors.
Risk: 2.1 (local, low complexity, redhat CWE-200)

2013-01-04 CVE-2012-2696 Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization Manager
The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request.
Risk: 2.7 (low complexity, redhat CWE-264)

2013-01-04 CVE-2011-4316 Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization Manager
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecified vectors.
Risk: 3.7 (local, high complexity, redhat CWE-264)

2010-12-08 CVE-2010-2793 Race Condition vulnerability in Redhat Enterprise Virtualization Manager and Spice-Activex
Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function.
Risk: 6.8 (network, redhat CWE-362)