CVE-2016-4474

high

Description

The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors.

References

https://rhn.redhat.com/errata/RHSA-2016-1223.html

https://access.redhat.com/security/vulnerabilities/2359821

http://rhn.redhat.com/errata/RHSA-2016-1222.html

Details

Source: Mitre, NVD

Published: 2016-06-30

Updated: 2021-08-04

Risk Information

CVSS v2

Base Score: 3.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High