Session Timeout Bypass Vulnerability in ovirt-engine-webadmin

Session Timeout Bypass Vulnerability in ovirt-engine-webadmin

CVE-2016-6338 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries.

Learn more about our Web App Pen Testing.