Vulnerability Description
ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ovirt | Ovirt | <= 4.1.11.1 |
| Redhat | Enterprise Virtualization | 4.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHBA-2018:1219Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1074Issue TrackingThird Party Advisory
- https://access.redhat.com/errata/RHBA-2018:1219Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1074Issue TrackingThird Party Advisory
FAQ
What is CVE-2018-1074?
CVE-2018-1074 is a vulnerability with a CVSS score of 7.7 (HIGH). ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A H...
How severe is CVE-2018-1074?
CVE-2018-1074 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1074?
Check the references section above for vendor advisories and patch information. Affected products include: Ovirt Ovirt, Redhat Enterprise Virtualization.