Information disclosure in Red Hat Satellite - CVE-2016-4443
Published: September 22, 2016
Vulnerability identifier: #VU636
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-4443
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Red Hat Inc.
Affected software: Red Hat Satellite
Detailed vulnerability description
The vulnerability allows a local user to obtain potentially sensitive information on the target system.
The weakness exists due to an access control error. The application records sensitive information (e.g., encryption keys, certificates) in the 'engine-setup' log file, which lets a malicious user gain access to important data.
Successful exploitation of the vulnerability leads to information disclosure on the vulnerable system.
How to mitigate CVE-2016-4443
Update to 3.6.9.
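To check a host for the exposure described above, the following added example (not part of the advisory or of any vendor code) scans a log file for PEM private-key and certificate blocks and reports whether the file is readable by group or others, without printing the key material. The function names are hypothetical, and the log path is supplied by the caller because the advisory does not give one.

```python
import os
import re
import stat
import sys

# PEM armour lines that indicate key or certificate material written to a log.
PEM_BEGIN = re.compile(r"-----BEGIN ((?:[A-Z0-9]+ )*(?:PRIVATE KEY|CERTIFICATE))-----")
PEM_END = re.compile(r"-----END ((?:[A-Z0-9]+ )*(?:PRIVATE KEY|CERTIFICATE))-----")


def find_pem_blocks(lines):
    """Return (label, first_line_no, last_line_no, closed) for each PEM block."""
    blocks, current = [], None
    for no, line in enumerate(lines, start=1):
        begin = PEM_BEGIN.search(line)
        end = PEM_END.search(line)
        if begin:
            if current:  # previous block never closed (truncated log)
                blocks.append((current[0], current[1], no - 1, False))
            current = (begin.group(1), no)
        if end and current and end.group(1) == current[0]:
            blocks.append((current[0], current[1], no, True))
            current = None
    if current:  # log ended inside a block
        blocks.append((current[0], current[1], len(lines), False))
    return blocks


def audit_log(path):
    """Report PEM material in a log and whether non-owners can read the file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, "r", errors="replace") as fh:
        blocks = find_pem_blocks(fh.read().splitlines())
    return {
        "path": path,
        "mode": oct(mode),
        "readable_by_others": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
        "private_keys": [b for b in blocks if b[0].endswith("PRIVATE KEY")],
        "certificates": [b for b in blocks if b[0].endswith("CERTIFICATE")],
    }


if __name__ == "__main__":
    # Usage: python audit_log.py <path-to-setup-log> [...]
    for p in sys.argv[1:]:
        r = audit_log(p)
        exposed = r["readable_by_others"] and r["private_keys"]
        print("EXPOSED" if exposed else "ok", r["path"], r["mode"],
              f'keys={len(r["private_keys"])} certs={len(r["certificates"])}')
```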