CVE-2015-7544

redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment.

Published: Sep 25, 2017
Updated: Apr 13, 2023
CVE: CVE-2015-7544
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-74

Affected Software
References

Software	From	Fixed in
redhat / enterprise_virtualization_manager	3.4	3.4.x
redhat / enterprise_virtualization_manager	3.4.1	3.4.1.x
redhat / enterprise_virtualization_manager	3.5.0	3.5.0.x

https://bugzilla.redhat.com/show_bug.cgi?id=1269588
https://rhn.redhat.com/errata/RHSA-2016-0426.html

Vulnerability Database

289,599

CVE-2015-7544