← Back

CVE-2012-2696

nvd nist
Published: Jan 4, 2013Modified: Apr 29, 2026

JSON object

Loading...
2.7
Vector
AV:A/AC:L/Au:S/C:P/I:N/A:N
Exploitability: 5.1 / Impact: 2.9
Source: NVD

Description

The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request.

Affected (4)

Redhat
1 product
Enterprise Virtualization Manager
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Virtualization Manager
Up to 3.0
Enterprise Virtualization Manager
Version 2.1
Enterprise Virtualization Manager
Version 2.2.3
Enterprise Virtualization Manager
Version 2.2

Related CWEs

CWE-264
CWE-264

References (8)

Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.