Privilege Escalation in Red Hat Enterprise Virtualization Manager (RHEV-M)

Privilege Escalation in Red Hat Enterprise Virtualization Manager (RHEV-M)

CVE-2012-2696 · LOW Severity

AV:A/AC:L/AU:S/C:P/I:N/A:N

The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request.

Learn more about our User Device Pen Test.