Sensitive Information Disclosure in rhevm-log-collector Package

Sensitive Information Disclosure in rhevm-log-collector Package

CVE-2014-3561 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.