Main Vulnerability Database SB2016102111

SB2016102111 - Information disclosure in Red Hat Storage Console Node

Published: October 21, 2016

Security Bulletin ID SB2016102111

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2016-7062)

The vulnerability allows a local user to access potentially sensitive information on the target system.
The weakness is due to supplying of the "rhscon-core" password in plain text as a command line parameter that allows attacker to view the password.
Successful exploitation of the vulnerabilty results in disclosure of important data on the vulnerable system.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2016:2082