{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-10-07T00:00:00", "descriptions": [{"lang": "en", "value": "redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-25T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2016:0426", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2016-0426.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269588"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:51:28.444Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2016:0426", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2016-0426.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269588"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-7544", "datePublished": "2017-09-25T21:00:00", "dateReserved": "2015-09-29T00:00:00", "dateUpdated": "2024-08-06T07:51:28.444Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:enterprise_virtualization_manager:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "6117C779-064F-402C-9845-74510D20FF0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:enterprise_virtualization_manager:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "75940043-276E-4AA5-B98B-727E63FE40A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:enterprise_virtualization_manager:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "90214116-1168-4174-A223-492DD3D56109", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment."}, {"lang": "es", "value": "redhat-support-plugin-rhev en Red Hat Enterprise Virtualization Manager (tambi\u00e9n llamado RHEV Manager) en versiones anteriores a la 3.6 permite que los usuarios autenticados remotos con el papel de SuperUser en cualquier entidad ejecuten c\u00f3digo arbitrario en cualquier host en el entorno RHEV."}], "id": "CVE-2015-7544", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-25T21:29:00.773", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269588"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2016-0426.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269588"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2016-0426.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Alexander Wels (Red Hat).", "affected_release": [{"advisory": "RHSA-2016:0426", "cpe": "cpe:/a:redhat:rhev_manager:3", "package": "redhat-support-plugin-rhev-0:3.6.0-12.el6", "product_name": "RHEV Manager version 3.6", "release_date": "2016-03-09T00:00:00Z"}], "bugzilla": {"description": "redhat-support-plugin-rhev: Remote code execution by SuperUser role on hosts in RHEV", "id": "1269588", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269588"}, "csaw": false, "cvss": {"cvss_base_score": "6.6", "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C", "status": "verified"}, "cwe": "CWE-20", "details": ["redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment.", "It was found that redhat-support-plugin-rhev passed a user-specified path and file name directly to the command line in the log viewer component. This could allow users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment."], "name": "CVE-2015-7544", "public_date": "2015-12-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-7544\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7544"], "threat_severity": "Important"}