CVE-2015-7544

Published: Sep 25, 2017Modified: May 13, 2026

9.1

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.3 / Impact: 6.0

Source: NVD

Description

redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment.

Affected (3)

Products: Redhat: Enterprise Virtualization Manager

1 product

Enterprise Virtualization Manager

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Virtualization Manager	Version 3.4.1
Redhat Enterprise Virtualization Manager	Version 3.4
Redhat Enterprise Virtualization Manager	Version 3.5.0

Related CWEs

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=1269588

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://rhn.redhat.com/errata/RHSA-2016-0426.html

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1269588

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://rhn.redhat.com/errata/RHSA-2016-0426.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.