Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2014-06-01	CVE-2014-3925	Credentials Management vulnerability in multiple products sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream. network low complexity canonical redhat CWE-255	5.0
2014-02-17	CVE-2011-4083	Cryptographic Issues vulnerability in Redhat SOS The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement in an archive of debugging information, which might allow remote attackers to obtain sensitive information by reading the archive. network redhat CWE-310	4.3
2012-06-29	CVE-2012-2664	Credentials Management vulnerability in Redhat SOS 2.218 The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes. network redhat CWE-255	4.3