Information disclosure in Red Hat Storage Console Node and Red Hat Storage Console - CVE-2016-7062
Published: October 21, 2016
Vulnerability identifier: #VU1034
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-7062
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Red Hat Inc.
Affected software:
Red Hat Storage Console Node
Red Hat Storage Console
Detailed vulnerability description
The vulnerability allows a local user to access potentially sensitive information on the target system.
The weakness exists because the "rhscon-core" password is supplied in plain text as a command-line parameter, which allows an attacker to view the password.
Successful exploitation of the vulnerability results in disclosure of important data on the vulnerable system.
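An added example (not from the advisory or the vendor) of auditing a host for this class of exposure: it inspects process argument vectors for credential-bearing options and reports the location with the value redacted. The option names, the SECRET_NAME pattern and the sample command lines used with it are constructed assumptions, not the actual "rhscon-core" parameters.

```python
import os
import re

# Option names that usually carry a credential (assumed list; extend per environment).
SECRET_NAME = re.compile(r"(^|[-_.])(pass(word|wd)?|secret|token|api[-_]?key)$", re.I)
# scheme://user:password@host embedded anywhere in an argument.
URL_CREDS = re.compile(r"[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@", re.I)


def split_cmdline(raw: bytes) -> list:
    """Split a /proc/<pid>/cmdline buffer (NUL-separated argv) into arguments."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]


def find_argv_secrets(argv: list) -> list:
    """Return (argv index, redacted description) for each exposed credential.

    The value itself is never returned, so the report does not leak the secret.
    """
    findings = []
    for i, arg in enumerate(argv):
        name, sep, value = arg.partition("=")
        if SECRET_NAME.search(name.lstrip("-")):
            if sep and value:                      # --password=value
                findings.append((i, f"{name}=<redacted>"))
            elif (not sep and name.startswith("-") and i + 1 < len(argv)
                  and not argv[i + 1].startswith("-")):  # --password value
                findings.append((i + 1, f"{name} <redacted>"))
        elif URL_CREDS.search(arg):
            findings.append((i, "URL with embedded password"))
    return findings


def audit_proc(proc_root: str = "/proc") -> dict:
    """Map PID -> findings for every readable process under proc_root."""
    report = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as f:
                hits = find_argv_secrets(split_cmdline(f.read()))
        except OSError:
            continue  # process exited or is not readable
        if hits:
            report[int(entry)] = hits
    return report
```

Options that name a file holding the secret (for example a constructed `--password-file=...`) are deliberately not flagged, since passing a path rather than the value is the usual remedy for this weakness.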
How to mitigate CVE-2016-7062
Install the update from the vendor's website:
https://access.redhat.com/