This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.

The remote Red Hat host is missing a security update.

An updated rhevm-log-collector package that fixes one security issue
is now available for Red Hat Enterprise Virtualization 3.

Red Hat Product Security has rated this update as having Low security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in
the References section.

The rhevm-log-collector utility allows users to easily collect log
files from all systems in their Red Hat Enterprise Virtualization

It was found that rhevm-log-collector called sosreport with the
PostgreSQL database password passed as a command line parameter. A
local attacker could read this password by monitoring a process
listing. The password would also be written to a log file, which could
potentially be read by a local attacker. (CVE-2014-3561)
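
Both exposure paths described above (the process listing and the log file) can be audited with the same check: look for credential-bearing options in recorded command lines. The following Python code is an added example, not part of the advisory or of rhevm-log-collector; the command name `collector-helper`, its options, and the list of sensitive option names are hypothetical, and the sample lines are constructed.

```python
import re
import shlex

# Option names treated as credential-bearing (an assumption; extend for your tools).
SENSITIVE = re.compile(r"^--?[\w-]*(?:password|passwd|secret|token)[\w-]*$", re.I)

def is_secret_option(name):
    # Options that take a path to a protected file are the safer pattern, skip them.
    return bool(SENSITIVE.match(name)) and not name.lower().endswith(("-file", "_file"))

def find_exposed_secrets(command_line):
    """Return (options, redacted_line) for secrets passed as command-line arguments."""
    try:
        argv = shlex.split(command_line)
    except ValueError:  # unbalanced quotes in a log line: fall back to a plain split
        argv = command_line.split()
    options, redacted, i = [], [], 0
    while i < len(argv):
        arg = argv[i]
        name, sep, value = arg.partition("=")
        if sep and value and is_secret_option(name):  # --opt=value
            options.append(name)
            redacted.append(name + "=REDACTED")
        elif is_secret_option(arg) and i + 1 < len(argv) and not argv[i + 1].startswith("-"):
            options.append(arg)  # --opt value
            redacted += [arg, "REDACTED"]
            i += 1
        else:
            redacted.append(arg)
        i += 1
    return options, " ".join(shlex.quote(a) for a in redacted)

def audit(lines):
    """Scan process-listing or log lines; return (line_no, options, redacted_line)."""
    hits = ((n, *find_exposed_secrets(line)) for n, line in enumerate(lines, 1))
    return [h for h in hits if h[1]]

# Constructed sample input: "collector-helper" and its options are hypothetical.
SAMPLE = [
    "/usr/bin/python /usr/bin/collector-helper --db-host=localhost --db-password=S3cr3t!",
    "collector-helper --db-user engine --db-password 'pa ss' --verbose",
    "2014-08-01 10:00:00 INFO running: collector-helper --db-password-file /etc/helper/pw",
    "/usr/sbin/sshd -D",
]

if __name__ == "__main__":
    for entry in audit(SAMPLE):
        print(entry)
```

The redacted line is what a wrapper should write to its own log in place of the raw command line.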

This issue was discovered by David Jorm of Red Hat Product Security.

All rhevm-log-collector users are advised to upgrade to this updated
package, which contains a backported patch to correct this issue.

Solution :
Update the affected rhevm-log-collector package.

Risk factor :
Low / CVSS Base Score : 2.1