Show plain JSON{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:enterprise_virtualization_manager:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "6117C779-064F-402C-9845-74510D20FF0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:enterprise_virtualization_manager:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "75940043-276E-4AA5-B98B-727E63FE40A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:enterprise_virtualization_manager:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "90214116-1168-4174-A223-492DD3D56109", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment."}, {"lang": "es", "value": "redhat-support-plugin-rhev en Red Hat Enterprise Virtualization Manager (tambi\u00e9n llamado RHEV Manager) en versiones anteriores a la 3.6 permite que los usuarios autenticados remotos con el papel de SuperUser en cualquier entidad ejecuten c\u00f3digo arbitrario en cualquier host en el entorno RHEV."}], "id": "CVE-2015-7544", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-25T21:29:00.773", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269588"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2016-0426.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269588"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2016-0426.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}