RHEL 8 : RHV Manager (ovirt-engine) 4.4 (RHSA-2020:3247)

critical Nessus Plugin ID 210560

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3247 advisory.

The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.

The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer (REST) Application Programming Interface (API).

A list of bugs fixed in this update is available in the Technical Notes book:

https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes

Security Fix(es):

* apache-commons-beanutils: does not suppress the class property in PropertyUtilsBean by default (CVE-2019-10086)

* libquartz: XXE attacks via job description (CVE-2019-13990)

* novnc: XSS vulnerability via the messages propagated to the status field (CVE-2017-18635)

* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)

* nimbus-jose-jwt: Uncaught exceptions while parsing a JWT (CVE-2019-17195)

* ovirt-engine: response_type parameter allows reflected XSS (CVE-2019-19336)

* nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598)

* ovirt-engine: Redirect to arbitrary URL allows for phishing (CVE-2020-10775)

* Cross-site scripting due to improper jQuery.htmlPrefilter method (CVE-2020-11022)

* jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/updates/classification/#important

http://www.nessus.org/u?0196a987

http://www.nessus.org/u?a673a6ca

https://access.redhat.com/errata/RHSA-2020:3247

Plugin Details

Severity: Critical

ID: 210560

File Name: redhat-RHSA-2020-3247.nasl

Version: 1.2

Type: local

Agent: unix

Published: 11/8/2024

Updated: 11/8/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-13990

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:ed25519-java, p-cpe:/a:redhat:enterprise_linux:java-client-kubevirt, p-cpe:/a:redhat:enterprise_linux:apache-commons-collections4, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-ovirt-engine-common, p-cpe:/a:redhat:enterprise_linux:python-flask-restful, p-cpe:/a:redhat:enterprise_linux:python2-netaddr, p-cpe:/a:redhat:enterprise_linux:ovirt-engine, p-cpe:/a:redhat:enterprise_linux:python-websocket-client, p-cpe:/a:redhat:enterprise_linux:apache-commons-vfs, p-cpe:/a:redhat:enterprise_linux:apache-commons-collections4-javadoc, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-api-explorer, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-imageio, p-cpe:/a:redhat:enterprise_linux:python-ovsdbapp, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-tools, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-backend, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-extensions-api-javadoc, p-cpe:/a:redhat:enterprise_linux:snmp4j-javadoc, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-extension-aaa-jdbc, p-cpe:/a:redhat:enterprise_linux:apache-commons-jxpath-javadoc, p-cpe:/a:redhat:enterprise_linux:python3-ansible-runner, p-cpe:/a:redhat:enterprise_linux:python-flask-doc, p-cpe:/a:redhat:enterprise_linux:openstack-java-keystone-client, p-cpe:/a:redhat:enterprise_linux:python3-websocket-client, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-health-check-bundler, p-cpe:/a:redhat:enterprise_linux:python-pbr, p-cpe:/a:redhat:enterprise_linux:openstack-java-javadoc, p-cpe:/a:redhat:enterprise_linux:openstack-java-resteasy-connector, p-cpe:/a:redhat:enterprise_linux:openstack-java-cinder-model, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-metrics, p-cpe:/a:redhat:enterprise_linux:rhvm-setup-plugins, p-cpe:/a:redhat:enterprise_linux:python3-notario, p-cpe:/a:redhat:enterprise_linux:log4j12, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-vmconsole-proxy-helper, p-cpe:/a:redhat:enterprise_linux:python-notario, 
p-cpe:/a:redhat:enterprise_linux:openstack-java-swift-model, p-cpe:/a:redhat:enterprise_linux:python3-six, p-cpe:/a:redhat:enterprise_linux:python3-werkzeug-doc, p-cpe:/a:redhat:enterprise_linux:ansible-runner-service, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-ovirt-engine, p-cpe:/a:redhat:enterprise_linux:engine-db-query, p-cpe:/a:redhat:enterprise_linux:ovirt-web-ui, p-cpe:/a:redhat:enterprise_linux:python3-werkzeug, p-cpe:/a:redhat:enterprise_linux:python3-ovsdbapp, p-cpe:/a:redhat:enterprise_linux:apache-commons-vfs-ant, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-dwh-setup, p-cpe:/a:redhat:enterprise_linux:openstack-java-nova-client, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-dwh, p-cpe:/a:redhat:enterprise_linux:m2crypto, p-cpe:/a:redhat:enterprise_linux:openstack-java-heat-model, p-cpe:/a:redhat:enterprise_linux:python-werkzeug, p-cpe:/a:redhat:enterprise_linux:openstack-java-ceilometer-model, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-websocket-proxy, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-base, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-extensions-api, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-extension-aaa-ldap, p-cpe:/a:redhat:enterprise_linux:xmlrpc-server, p-cpe:/a:redhat:enterprise_linux:apache-commons-configuration, p-cpe:/a:redhat:enterprise_linux:apache-sshd-javadoc, p-cpe:/a:redhat:enterprise_linux:python2-six, p-cpe:/a:redhat:enterprise_linux:unboundid-ldapsdk, p-cpe:/a:redhat:enterprise_linux:ws-commons-util-javadoc, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-websocket-proxy, p-cpe:/a:redhat:enterprise_linux:apache-commons-vfs-examples, p-cpe:/a:redhat:enterprise_linux:ovirt-cockpit-sso, p-cpe:/a:redhat:enterprise_linux:python-aniso8601, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-tools-backup, p-cpe:/a:redhat:enterprise_linux:openstack-java-client, p-cpe:/a:redhat:enterprise_linux:openstack-java-keystone-model, p-cpe:/a:redhat:enterprise_linux:xmlrpc, 
p-cpe:/a:redhat:enterprise_linux:python3-pbr, p-cpe:/a:redhat:enterprise_linux:openstack-java-cinder-client, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-extension-logger-log4j, p-cpe:/a:redhat:enterprise_linux:python3-netaddr, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-dwh-grafana-integration-setup, p-cpe:/a:redhat:enterprise_linux:python-flask, p-cpe:/a:redhat:enterprise_linux:xmlrpc-common, p-cpe:/a:redhat:enterprise_linux:ovirt-log-collector, p-cpe:/a:redhat:enterprise_linux:ws-commons-util, p-cpe:/a:redhat:enterprise_linux:apache-commons-jxpath, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-ui-extensions, p-cpe:/a:redhat:enterprise_linux:python3-flask-restful, p-cpe:/a:redhat:enterprise_linux:novnc, p-cpe:/a:redhat:enterprise_linux:openstack-java-quantum-model, p-cpe:/a:redhat:enterprise_linux:openstack-java-heat-client, p-cpe:/a:redhat:enterprise_linux:ed25519-java-javadoc, p-cpe:/a:redhat:enterprise_linux:python2-pbr, p-cpe:/a:redhat:enterprise_linux:python3-ovirt-engine-lib, p-cpe:/a:redhat:enterprise_linux:python-six, p-cpe:/a:redhat:enterprise_linux:apache-sshd, p-cpe:/a:redhat:enterprise_linux:rhvm, p-cpe:/a:redhat:enterprise_linux:python3-flask, p-cpe:/a:redhat:enterprise_linux:openstack-java-sdk, p-cpe:/a:redhat:enterprise_linux:apache-commons-vfs-javadoc, p-cpe:/a:redhat:enterprise_linux:openstack-java-glance-model, p-cpe:/a:redhat:enterprise_linux:snmp4j, p-cpe:/a:redhat:enterprise_linux:openstack-java-ceilometer-client, p-cpe:/a:redhat:enterprise_linux:xmlrpc-javadoc, p-cpe:/a:redhat:enterprise_linux:openstack-java-glance-client, p-cpe:/a:redhat:enterprise_linux:python-netaddr, p-cpe:/a:redhat:enterprise_linux:apache-commons-jexl, p-cpe:/a:redhat:enterprise_linux:unboundid-ldapsdk-javadoc, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-webadmin-portal, p-cpe:/a:redhat:enterprise_linux:makeself, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-extension-aaa-ldap-setup, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-cinderlib, 
p-cpe:/a:redhat:enterprise_linux:openstack-java-swift-client, p-cpe:/a:redhat:enterprise_linux:ovirt-fast-forward-upgrade, p-cpe:/a:redhat:enterprise_linux:openstack-java-quantum-client, p-cpe:/a:redhat:enterprise_linux:rhv-log-collector-analyzer, p-cpe:/a:redhat:enterprise_linux:apache-commons-compress-javadoc, p-cpe:/a:redhat:enterprise_linux:apache-commons-compress, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-extension-aaa-misc, p-cpe:/a:redhat:enterprise_linux:apache-commons-jexl-javadoc, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:ebay-cors-filter, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-vmconsole-proxy-helper, p-cpe:/a:redhat:enterprise_linux:rhvm-branding-rhv, p-cpe:/a:redhat:enterprise_linux:rhvm-dependencies, p-cpe:/a:redhat:enterprise_linux:xmlrpc-client, p-cpe:/a:redhat:enterprise_linux:python3-m2crypto, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-dbscripts, p-cpe:/a:redhat:enterprise_linux:ansible-runner, p-cpe:/a:redhat:enterprise_linux:vdsm-jsonrpc-java, p-cpe:/a:redhat:enterprise_linux:openstack-java-nova-model, p-cpe:/a:redhat:enterprise_linux:log4j12-javadoc, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-restapi, p-cpe:/a:redhat:enterprise_linux:ovirt-scheduler-proxy, p-cpe:/a:redhat:enterprise_linux:python3-aniso8601

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/4/2020

Vulnerability Publication Date: 2/20/2019

Reference Information

CVE: CVE-2017-18635, CVE-2019-10086, CVE-2019-13990, CVE-2019-19336, CVE-2019-8331, CVE-2020-10775, CVE-2020-11022, CVE-2020-11023, CVE-2020-7598

CWE: 20, 502, 601, 611, 79

RHSA: 2020:3247