What is CVE-2016-4443?

CVE-2016-4443 is a medium-severity vulnerability in Redhat Enterprise_virtualization, classified under Insertion of Sensitive Information into Log File. CVSS score: 5.5/10. Published 2016-12-14.

How severe is CVE-2016-4443?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Information disclosure in Redhat Enterprise_virtualization

CVE-2016-4443

Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.

EPSS: 0.000 (15.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Redhat Enterprise_virtualization — versions 3.6
N/a — versions n/a

Weakness classification (CWE)

CWE-532 — Insertion of Sensitive Information into Log File

References

92751 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
1036863 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
RHSA-2016:1929 (x_refsource_REDHAT, vendor-advisory, Patch, Mitigation, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, VDB Entry, Issue Tracking, Vendor Advisory)

Frequently asked questions

What is CVE-2016-4443?: CVE-2016-4443 is a medium-severity vulnerability in Redhat Enterprise_virtualization, classified under Insertion of Sensitive Information into Log File. CVSS score: 5.5/10. Published 2016-12-14.
How severe is CVE-2016-4443?: Medium severity. CVSS v3 base score is 5.5 out of 10.