Skip to main content

Virtualization Manager CVE-2016-5709

MEDIUM
Information Exposure (CWE-200)
2016-06-24 cve@mitre.org
4.7
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
4.7 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 24, 2016 - 17:59 cve.org
MEDIUM 4.7

DescriptionCVE.org

SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack.

AnalysisAI

SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute. Rated medium severity (CVSS 4.7). No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack. Affected products include: Solarwinds Virtualization Manager.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2018-3639 MEDIUM POC
5.5 May 22

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addres

CVE-2016-3642 CRITICAL POC
9.8 Jun 17

The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary comm

CVE-2019-10744 CRITICAL POC
9.1 Jul 26

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. Rated critical severity (CVSS 9.1), this vu

CVE-2017-9214 CRITICAL
9.8 May 23

In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-r

CVE-2019-11358 MEDIUM POC
6.1 Apr 20

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) becaus

CVE-2018-17963 CRITICAL
9.8 Oct 09

qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause

CVE-2018-17958 HIGH
7.5 Oct 09

Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. Rat

CVE-2019-11135 MEDIUM
6.5 Nov 14

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potenti

CVE-2019-8331 MEDIUM
6.1 Feb 20

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. Rat

CVE-2018-1059 MEDIUM
6.1 Apr 24

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contigu

CVE-2019-10194 MEDIUM
5.5 Jul 11

Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. Rated medium severity (CVSS 5.5

Share

CVE-2016-5709 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy