CVE-2018-1074
Severity Score
7.2
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.
La API y el portal de administración web de ovirt-engine en versiones anteriores a la 4.2.2.5 y la 4.1.11.2 es vulnerable a una exposición de credenciales de Power Management, incluyendo contraseñas en texto claro para Host Administrators. Un Host Administrator podría utilizar este fallo para obtener acceso a los sistemas de gestión de energía de los hosts que controlan.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-12-04 CVE Reserved
- 2018-04-26 CVE Published
- 2023-09-17 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-522: Insufficiently Protected Credentials
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1074 | Issue Tracking |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHBA-2018:1219 | 2019-11-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ovirt Search vendor "Ovirt" | Ovirt Search vendor "Ovirt" for product "Ovirt" | <= 4.1.11.1 Search vendor "Ovirt" for product "Ovirt" and version " <= 4.1.11.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Virtualization Search vendor "Redhat" for product "Enterprise Virtualization" | 4.0 Search vendor "Redhat" for product "Enterprise Virtualization" and version "4.0" | - |
Affected
| ||||||