CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-6117

Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 28.3%

CVSS Severity

CVSS v2 Score 2.1

References

http://rhn.redhat.com/errata/RHSA-2013-0545.html
https://bugzilla.redhat.com/show_bug.cgi?id=875294
http://rhn.redhat.com/errata/RHSA-2013-0545.html
https://bugzilla.redhat.com/show_bug.cgi?id=875294

Products affected by CVE-2012-6117

Redhat » Cloudforms Cloud Engine » Version: 1.0

cpe:2.3:a:redhat:cloudforms_cloud_engine:1.0
Redhat » Cloudforms Cloud Engine » Version: 1.1

cpe:2.3:a:redhat:cloudforms_cloud_engine:1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-6117

Products

Pricing

Contact Us