{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright © Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "CloudForms Cloud Engine 1.1.2 is now available.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat CloudForms is an on-premise hybrid cloud\nInfrastructure-as-a-Service (IaaS) product that lets you create and manage\nprivate and public clouds. It provides self-service computing resources to\nusers in a managed, governed, and secure way. CloudForms Cloud Engine is a\nmanagement application for cloud resources.\n\nIt was found that the Aeolus Configuration Server stored passwords in plain\ntext in the world-readable \"/var/log/aeolus-configserver/configserver.log\"\nfile. A local attacker could use this flaw to obtain the administrative\npasswords for other services (such as Katello, databases, and so on).\n(CVE-2012-6117)\n\nIt was found that Conductor, the web-based management console, allowed\nunprivileged users to modify their quota for the number of instances they\nare allowed to run. An unprivileged user could use this flaw to monopolize\nresources and run more instances than intended. (CVE-2012-6118)\n\nIt was found that the aeolus-configserver-setup script created a\nworld-readable file containing authentication details in plain text in the\n\"/tmp/\" directory. A local attacker could use this flaw to obtain Audrey\ncredentials, allowing them to make configuration changes to Audrey-enabled\ninstances. (CVE-2012-5509)\n\nThe CVE-2012-6117 issue was discovered by James Laska of Red Hat;\nCVE-2012-6118 was discovered by Tomas Sedovic of Red Hat; and CVE-2012-5509\nwas discovered by Aaron Weitekamp of the Red Hat Cloud Quality Engineering\nteam.\n\nThis update also fixes the following bug:\n\n* A bug in the initial filter view for instances caused stopped instances\nto display for the default \"Non stopped applications\" option until\nauto-refresh. This bug fix corrects the form rendering for the filter view.\nThe filter view now displays only non-stopped instances. (BZ#895569)\n\nAdditionally, this update adds the following enhancements:\n\n* Red Hat Enterprise Linux 5.9 support to guest image building in\nCloudForms Cloud Engine. (BZ#903646)\n\n* Support for Red Hat Enterprise Linux 5.9 Amazon Machine Images (AMI) on\nAmazon Web Services (AWS) Elastic Compute Cloud (EC2) providers for\nCloudForms Cloud Engine. (BZ#903651)\n\n* Red Hat Enterprise Linux 6.4 support to guest image building in\nCloudForms Cloud Engine. (BZ#903395)\n\n* Support for Red Hat Enterprise Linux 6.4 Amazon Machine Images (AMI) on\nAmazon Web Services (AWS) Elastic Compute Cloud (EC2) providers for\nCloudForms Cloud Engine. (BZ#903650)\n\nRefer to the CloudForms 1.1.2 Release Notes for further information about\nthis release. The Release Notes will be available shortly from\nhttps://access.redhat.com/knowledge/docs/\n\nTo upgrade, follow the upgrade instructions in the CloudForms Installation\nGuide:\n\nhttps://access.redhat.com/knowledge/docs/en-US/CloudForms/1.1/html/Installation_Guide/Updating_CloudForms_Cloud_Engine.html\n\nUsers of CloudForms Cloud Engine are advised to upgrade to these updated\npackages.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2013:0545",
        "url": "https://access.redhat.com/errata/RHSA-2013:0545"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/knowledge/docs/",
        "url": "https://access.redhat.com/knowledge/docs/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/knowledge/docs/en-US/CloudForms/1.1/html/Installation_Guide/Updating_CloudForms_Cloud_Engine.html",
        "url": "https://access.redhat.com/knowledge/docs/en-US/CloudForms/1.1/html/Installation_Guide/Updating_CloudForms_Cloud_Engine.html"
      },
      {
        "category": "external",
        "summary": "875294",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=875294"
      },
      {
        "category": "external",
        "summary": "895569",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895569"
      },
      {
        "category": "external",
        "summary": "903395",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=903395"
      },
      {
        "category": "external",
        "summary": "903646",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=903646"
      },
      {
        "category": "external",
        "summary": "903650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=903650"
      },
      {
        "category": "external",
        "summary": "903651",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=903651"
      },
      {
        "category": "external",
        "summary": "906192",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=906192"
      },
      {
        "category": "external",
        "summary": "906201",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=906201"
      },
      {
        "category": "external",
        "summary": "912395",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912395"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0545.json"
      }
    ],
    "title": "Red Hat Security Advisory: CloudForms Cloud Engine 1.1.2 update",
    "tracking": {
      "current_release_date": "2026-06-27T13:14:24+00:00",
      "generator": {
        "date": "2026-06-27T13:14:24+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.2.6"
        }
      },
      "id": "RHSA-2013:0545",
      "initial_release_date": "2013-02-21T18:53:00+00:00",
      "revision_history": [
        {
          "date": "2013-02-21T18:53:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2013-02-21T19:01:30+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-27T13:14:24+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "CloudForms Cloud Engine for RHEL 6 Server",
                "product": {
                  "name": "CloudForms Cloud Engine for RHEL 6 Server",
                  "product_id": "6Server-CloudEngine",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cloudforms_cloudengine:1::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat CloudForms"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "aeolus-conductor-daemons-0:0.13.26-1.el6cf.noarch",
                "product": {
                  "name": "aeolus-conductor-daemons-0:0.13.26-1.el6cf.noarch",
                  "product_id": "aeolus-conductor-daemons-0:0.13.26-1.el6cf.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/aeolus-conductor-daemons@0.13.26-1.el6cf?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "aeolus-conductor-doc-0:0.13.26-1.el6cf.noarch",
                "product": {
                  "name": "aeolus-conductor-doc-0:0.13.26-1.el6cf.noarch",
                  "product_id": "aeolus-conductor-doc-0:0.13.26-1.el6cf.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/aeolus-conductor-doc@0.13.26-1.el6cf?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "aeolus-conductor-devel-0:0.13.26-1.el6cf.noarch",
                "product": {
                  "name": "aeolus-conductor-devel-0:0.13.26-1.el6cf.noarch",
                  "product_id": "aeolus-conductor-devel-0:0.13.26-1.el6cf.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/aeolus-conductor-devel@0.13.26-1.el6cf?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "aeolus-all-0:0.13.26-1.el6cf.noarch",
                "product": {
                  "name": "aeolus-all-0:0.13.26-1.el6cf.noarch",
                  "product_id": "aeolus-all-0:0.13.26-1.el6cf.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/aeolus-all@0.13.26-1.el6cf?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "aeolus-conductor-0:0.13.26-1.el6cf.noarch",
                "product": {
                  "name": "aeolus-conductor-0:0.13.26-1.el6cf.noarch",
                  "product_id": "aeolus-conductor-0:0.13.26-1.el6cf.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/aeolus-conductor@0.13.26-1.el6cf?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oz-0:0.8.0-8.el6cf.noarch",
                "product": {
                  "name": "oz-0:0.8.0-8.el6cf.noarch",
                  "product_id": "oz-0:0.8.0-8.el6cf.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/oz@0.8.0-8.el6cf?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "aeolus-configserver-0:0.4.12-3.el6cf.noarch",
                "product": {
                  "name": "aeolus-configserver-0:0.4.12-3.el6cf.noarch",
                  "product_id": "aeolus-configserver-0:0.4.12-3.el6cf.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/aeolus-configserver@0.4.12-3.el6cf?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "imagefactory-jeosconf-ec2-fedora-0:1.0.3-1.el6cf.noarch",
                "product": {
                  "name": "imagefactory-jeosconf-ec2-fedora-0:1.0.3-1.el6cf.noarch",
                  "product_id": "imagefactory-jeosconf-ec2-fedora-0:1.0.3-1.el6cf.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/imagefactory-jeosconf-ec2-fedora@1.0.3-1.el6cf?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "imagefactory-jeosconf-ec2-rhel-0:1.0.3-1.el6cf.noarch",
                "product": {
                  "name": "imagefactory-jeosconf-ec2-rhel-0:1.0.3-1.el6cf.noarch",
                  "product_id": "imagefactory-jeosconf-ec2-rhel-0:1.0.3-1.el6cf.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/imagefactory-jeosconf-ec2-rhel@1.0.3-1.el6cf?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "imagefactory-0:1.0.3-1.el6cf.noarch",
                "product": {
                  "name": "imagefactory-0:1.0.3-1.el6cf.noarch",
                  "product_id": "imagefactory-0:1.0.3-1.el6cf.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/imagefactory@1.0.3-1.el6cf?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "aeolus-conductor-0:0.13.26-1.el6cf.src",
                "product": {
                  "name": "aeolus-conductor-0:0.13.26-1.el6cf.src",
                  "product_id": "aeolus-conductor-0:0.13.26-1.el6cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/aeolus-conductor@0.13.26-1.el6cf?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oz-0:0.8.0-8.el6cf.src",
                "product": {
                  "name": "oz-0:0.8.0-8.el6cf.src",
                  "product_id": "oz-0:0.8.0-8.el6cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/oz@0.8.0-8.el6cf?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "aeolus-configserver-0:0.4.12-3.el6cf.src",
                "product": {
                  "name": "aeolus-configserver-0:0.4.12-3.el6cf.src",
                  "product_id": "aeolus-configserver-0:0.4.12-3.el6cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/aeolus-configserver@0.4.12-3.el6cf?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "imagefactory-0:1.0.3-1.el6cf.src",
                "product": {
                  "name": "imagefactory-0:1.0.3-1.el6cf.src",
                  "product_id": "imagefactory-0:1.0.3-1.el6cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/imagefactory@1.0.3-1.el6cf?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "aeolus-all-0:0.13.26-1.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server",
          "product_id": "6Server-CloudEngine:aeolus-all-0:0.13.26-1.el6cf.noarch"
        },
        "product_reference": "aeolus-all-0:0.13.26-1.el6cf.noarch",
        "relates_to_product_reference": "6Server-CloudEngine"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "aeolus-conductor-0:0.13.26-1.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server",
          "product_id": "6Server-CloudEngine:aeolus-conductor-0:0.13.26-1.el6cf.noarch"
        },
        "product_reference": "aeolus-conductor-0:0.13.26-1.el6cf.noarch",
        "relates_to_product_reference": "6Server-CloudEngine"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "aeolus-conductor-0:0.13.26-1.el6cf.src as a component of CloudForms Cloud Engine for RHEL 6 Server",
          "product_id": "6Server-CloudEngine:aeolus-conductor-0:0.13.26-1.el6cf.src"
        },
        "product_reference": "aeolus-conductor-0:0.13.26-1.el6cf.src",
        "relates_to_product_reference": "6Server-CloudEngine"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "aeolus-conductor-daemons-0:0.13.26-1.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server",
          "product_id": "6Server-CloudEngine:aeolus-conductor-daemons-0:0.13.26-1.el6cf.noarch"
        },
        "product_reference": "aeolus-conductor-daemons-0:0.13.26-1.el6cf.noarch",
        "relates_to_product_reference": "6Server-CloudEngine"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "aeolus-conductor-devel-0:0.13.26-1.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server",
          "product_id": "6Server-CloudEngine:aeolus-conductor-devel-0:0.13.26-1.el6cf.noarch"
        },
        "product_reference": "aeolus-conductor-devel-0:0.13.26-1.el6cf.noarch",
        "relates_to_product_reference": "6Server-CloudEngine"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "aeolus-conductor-doc-0:0.13.26-1.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server",
          "product_id": "6Server-CloudEngine:aeolus-conductor-doc-0:0.13.26-1.el6cf.noarch"
        },
        "product_reference": "aeolus-conductor-doc-0:0.13.26-1.el6cf.noarch",
        "relates_to_product_reference": "6Server-CloudEngine"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "aeolus-configserver-0:0.4.12-3.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server",
          "product_id": "6Server-CloudEngine:aeolus-configserver-0:0.4.12-3.el6cf.noarch"
        },
        "product_reference": "aeolus-configserver-0:0.4.12-3.el6cf.noarch",
        "relates_to_product_reference": "6Server-CloudEngine"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "aeolus-configserver-0:0.4.12-3.el6cf.src as a component of CloudForms Cloud Engine for RHEL 6 Server",
          "product_id": "6Server-CloudEngine:aeolus-configserver-0:0.4.12-3.el6cf.src"
        },
        "product_reference": "aeolus-configserver-0:0.4.12-3.el6cf.src",
        "relates_to_product_reference": "6Server-CloudEngine"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "imagefactory-0:1.0.3-1.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server",
          "product_id": "6Server-CloudEngine:imagefactory-0:1.0.3-1.el6cf.noarch"
        },
        "product_reference": "imagefactory-0:1.0.3-1.el6cf.noarch",
        "relates_to_product_reference": "6Server-CloudEngine"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "imagefactory-0:1.0.3-1.el6cf.src as a component of CloudForms Cloud Engine for RHEL 6 Server",
          "product_id": "6Server-CloudEngine:imagefactory-0:1.0.3-1.el6cf.src"
        },
        "product_reference": "imagefactory-0:1.0.3-1.el6cf.src",
        "relates_to_product_reference": "6Server-CloudEngine"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "imagefactory-jeosconf-ec2-fedora-0:1.0.3-1.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server",
          "product_id": "6Server-CloudEngine:imagefactory-jeosconf-ec2-fedora-0:1.0.3-1.el6cf.noarch"
        },
        "product_reference": "imagefactory-jeosconf-ec2-fedora-0:1.0.3-1.el6cf.noarch",
        "relates_to_product_reference": "6Server-CloudEngine"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "imagefactory-jeosconf-ec2-rhel-0:1.0.3-1.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server",
          "product_id": "6Server-CloudEngine:imagefactory-jeosconf-ec2-rhel-0:1.0.3-1.el6cf.noarch"
        },
        "product_reference": "imagefactory-jeosconf-ec2-rhel-0:1.0.3-1.el6cf.noarch",
        "relates_to_product_reference": "6Server-CloudEngine"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oz-0:0.8.0-8.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server",
          "product_id": "6Server-CloudEngine:oz-0:0.8.0-8.el6cf.noarch"
        },
        "product_reference": "oz-0:0.8.0-8.el6cf.noarch",
        "relates_to_product_reference": "6Server-CloudEngine"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oz-0:0.8.0-8.el6cf.src as a component of CloudForms Cloud Engine for RHEL 6 Server",
          "product_id": "6Server-CloudEngine:oz-0:0.8.0-8.el6cf.src"
        },
        "product_reference": "oz-0:0.8.0-8.el6cf.src",
        "relates_to_product_reference": "6Server-CloudEngine"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Aaron Weitekamp"
          ],
          "organization": "Red Hat Cloud Quality Engineering team",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2012-5509",
      "cwe": {
        "id": "CWE-538",
        "name": "Insertion of Sensitive Information into Externally-Accessible File or Directory"
      },
      "discovery_date": "2012-11-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "875294"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "aeolus-configserver: aeolus-configserver-setup /tmp file conductor credentials leak",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CloudEngine:aeolus-all-0:0.13.26-1.el6cf.noarch",
          "6Server-CloudEngine:aeolus-conductor-0:0.13.26-1.el6cf.noarch",
          "6Server-CloudEngine:aeolus-conductor-0:0.13.26-1.el6cf.src",
          "6Server-CloudEngine:aeolus-conductor-daemons-0:0.13.26-1.el6cf.noarch",
          "6Server-CloudEngine:aeolus-conductor-devel-0:0.13.26-1.el6cf.noarch",
          "6Server-CloudEngine:aeolus-conductor-doc-0:0.13.26-1.el6cf.noarch",
          "6Server-CloudEngine:aeolus-configserver-0:0.4.12-3.el6cf.noarch",
          "6Server-CloudEngine:aeolus-configserver-0:0.4.12-3.el6cf.src",
          "6Server-CloudEngine:imagefactory-0:1.0.3-1.el6cf.noarch",
          "6Server-CloudEngine:imagefactory-0:1.0.3-1.el6cf.src",
          "6Server-CloudEngine:imagefactory-jeosconf-ec2-fedora-0:1.0.3-1.el6cf.noarch",
          "6Server-CloudEngine:imagefactory-jeosconf-ec2-rhel-0:1.0.3-1.el6cf.noarch",
          "6Server-CloudEngine:oz-0:0.8.0-8.el6cf.noarch",
          "6Server-CloudEngine:oz-0:0.8.0-8.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2012-5509"
        },
        {
          "category": "external",
          "summary": "RHBZ#875294",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=875294"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5509",
          "url": "https://www.cve.org/CVERecord?id=CVE-2012-5509"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5509",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5509"
        }
      ],
      "release_date": "2013-02-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-02-21T18:53:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Server-CloudEngine:aeolus-all-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-0:0.13.26-1.el6cf.src",
            "6Server-CloudEngine:aeolus-conductor-daemons-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-devel-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-doc-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-configserver-0:0.4.12-3.el6cf.noarch",
            "6Server-CloudEngine:aeolus-configserver-0:0.4.12-3.el6cf.src",
            "6Server-CloudEngine:imagefactory-0:1.0.3-1.el6cf.noarch",
            "6Server-CloudEngine:imagefactory-0:1.0.3-1.el6cf.src",
            "6Server-CloudEngine:imagefactory-jeosconf-ec2-fedora-0:1.0.3-1.el6cf.noarch",
            "6Server-CloudEngine:imagefactory-jeosconf-ec2-rhel-0:1.0.3-1.el6cf.noarch",
            "6Server-CloudEngine:oz-0:0.8.0-8.el6cf.noarch",
            "6Server-CloudEngine:oz-0:0.8.0-8.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0545"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-CloudEngine:aeolus-all-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-0:0.13.26-1.el6cf.src",
            "6Server-CloudEngine:aeolus-conductor-daemons-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-devel-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-doc-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-configserver-0:0.4.12-3.el6cf.noarch",
            "6Server-CloudEngine:aeolus-configserver-0:0.4.12-3.el6cf.src",
            "6Server-CloudEngine:imagefactory-0:1.0.3-1.el6cf.noarch",
            "6Server-CloudEngine:imagefactory-0:1.0.3-1.el6cf.src",
            "6Server-CloudEngine:imagefactory-jeosconf-ec2-fedora-0:1.0.3-1.el6cf.noarch",
            "6Server-CloudEngine:imagefactory-jeosconf-ec2-rhel-0:1.0.3-1.el6cf.noarch",
            "6Server-CloudEngine:oz-0:0.8.0-8.el6cf.noarch",
            "6Server-CloudEngine:oz-0:0.8.0-8.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "aeolus-configserver: aeolus-configserver-setup /tmp file conductor credentials leak"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "James Laska"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2012-6117",
      "discovery_date": "2012-11-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "906201"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Configserver: Passwords from application blueprint stored plaintext in configserver.log",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CloudEngine:aeolus-all-0:0.13.26-1.el6cf.noarch",
          "6Server-CloudEngine:aeolus-conductor-0:0.13.26-1.el6cf.noarch",
          "6Server-CloudEngine:aeolus-conductor-0:0.13.26-1.el6cf.src",
          "6Server-CloudEngine:aeolus-conductor-daemons-0:0.13.26-1.el6cf.noarch",
          "6Server-CloudEngine:aeolus-conductor-devel-0:0.13.26-1.el6cf.noarch",
          "6Server-CloudEngine:aeolus-conductor-doc-0:0.13.26-1.el6cf.noarch",
          "6Server-CloudEngine:aeolus-configserver-0:0.4.12-3.el6cf.noarch",
          "6Server-CloudEngine:aeolus-configserver-0:0.4.12-3.el6cf.src",
          "6Server-CloudEngine:imagefactory-0:1.0.3-1.el6cf.noarch",
          "6Server-CloudEngine:imagefactory-0:1.0.3-1.el6cf.src",
          "6Server-CloudEngine:imagefactory-jeosconf-ec2-fedora-0:1.0.3-1.el6cf.noarch",
          "6Server-CloudEngine:imagefactory-jeosconf-ec2-rhel-0:1.0.3-1.el6cf.noarch",
          "6Server-CloudEngine:oz-0:0.8.0-8.el6cf.noarch",
          "6Server-CloudEngine:oz-0:0.8.0-8.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2012-6117"
        },
        {
          "category": "external",
          "summary": "RHBZ#906201",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=906201"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2012-6117",
          "url": "https://www.cve.org/CVERecord?id=CVE-2012-6117"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-6117",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6117"
        }
      ],
      "release_date": "2012-11-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-02-21T18:53:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Server-CloudEngine:aeolus-all-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-0:0.13.26-1.el6cf.src",
            "6Server-CloudEngine:aeolus-conductor-daemons-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-devel-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-doc-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-configserver-0:0.4.12-3.el6cf.noarch",
            "6Server-CloudEngine:aeolus-configserver-0:0.4.12-3.el6cf.src",
            "6Server-CloudEngine:imagefactory-0:1.0.3-1.el6cf.noarch",
            "6Server-CloudEngine:imagefactory-0:1.0.3-1.el6cf.src",
            "6Server-CloudEngine:imagefactory-jeosconf-ec2-fedora-0:1.0.3-1.el6cf.noarch",
            "6Server-CloudEngine:imagefactory-jeosconf-ec2-rhel-0:1.0.3-1.el6cf.noarch",
            "6Server-CloudEngine:oz-0:0.8.0-8.el6cf.noarch",
            "6Server-CloudEngine:oz-0:0.8.0-8.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0545"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-CloudEngine:aeolus-all-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-0:0.13.26-1.el6cf.src",
            "6Server-CloudEngine:aeolus-conductor-daemons-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-devel-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-doc-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-configserver-0:0.4.12-3.el6cf.noarch",
            "6Server-CloudEngine:aeolus-configserver-0:0.4.12-3.el6cf.src",
            "6Server-CloudEngine:imagefactory-0:1.0.3-1.el6cf.noarch",
            "6Server-CloudEngine:imagefactory-0:1.0.3-1.el6cf.src",
            "6Server-CloudEngine:imagefactory-jeosconf-ec2-fedora-0:1.0.3-1.el6cf.noarch",
            "6Server-CloudEngine:imagefactory-jeosconf-ec2-rhel-0:1.0.3-1.el6cf.noarch",
            "6Server-CloudEngine:oz-0:0.8.0-8.el6cf.noarch",
            "6Server-CloudEngine:oz-0:0.8.0-8.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Configserver: Passwords from application blueprint stored plaintext in configserver.log"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Tomas Sedovic"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2012-6118",
      "discovery_date": "2012-12-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "906192"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Conductor: Unprivileged user can change their own Maximum Running Instances quota",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-CloudEngine:aeolus-all-0:0.13.26-1.el6cf.noarch",
          "6Server-CloudEngine:aeolus-conductor-0:0.13.26-1.el6cf.noarch",
          "6Server-CloudEngine:aeolus-conductor-0:0.13.26-1.el6cf.src",
          "6Server-CloudEngine:aeolus-conductor-daemons-0:0.13.26-1.el6cf.noarch",
          "6Server-CloudEngine:aeolus-conductor-devel-0:0.13.26-1.el6cf.noarch",
          "6Server-CloudEngine:aeolus-conductor-doc-0:0.13.26-1.el6cf.noarch",
          "6Server-CloudEngine:aeolus-configserver-0:0.4.12-3.el6cf.noarch",
          "6Server-CloudEngine:aeolus-configserver-0:0.4.12-3.el6cf.src",
          "6Server-CloudEngine:imagefactory-0:1.0.3-1.el6cf.noarch",
          "6Server-CloudEngine:imagefactory-0:1.0.3-1.el6cf.src",
          "6Server-CloudEngine:imagefactory-jeosconf-ec2-fedora-0:1.0.3-1.el6cf.noarch",
          "6Server-CloudEngine:imagefactory-jeosconf-ec2-rhel-0:1.0.3-1.el6cf.noarch",
          "6Server-CloudEngine:oz-0:0.8.0-8.el6cf.noarch",
          "6Server-CloudEngine:oz-0:0.8.0-8.el6cf.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2012-6118"
        },
        {
          "category": "external",
          "summary": "RHBZ#906192",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=906192"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2012-6118",
          "url": "https://www.cve.org/CVERecord?id=CVE-2012-6118"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-6118",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6118"
        }
      ],
      "release_date": "2013-02-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-02-21T18:53:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Server-CloudEngine:aeolus-all-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-0:0.13.26-1.el6cf.src",
            "6Server-CloudEngine:aeolus-conductor-daemons-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-devel-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-doc-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-configserver-0:0.4.12-3.el6cf.noarch",
            "6Server-CloudEngine:aeolus-configserver-0:0.4.12-3.el6cf.src",
            "6Server-CloudEngine:imagefactory-0:1.0.3-1.el6cf.noarch",
            "6Server-CloudEngine:imagefactory-0:1.0.3-1.el6cf.src",
            "6Server-CloudEngine:imagefactory-jeosconf-ec2-fedora-0:1.0.3-1.el6cf.noarch",
            "6Server-CloudEngine:imagefactory-jeosconf-ec2-rhel-0:1.0.3-1.el6cf.noarch",
            "6Server-CloudEngine:oz-0:0.8.0-8.el6cf.noarch",
            "6Server-CloudEngine:oz-0:0.8.0-8.el6cf.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0545"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-CloudEngine:aeolus-all-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-0:0.13.26-1.el6cf.src",
            "6Server-CloudEngine:aeolus-conductor-daemons-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-devel-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-conductor-doc-0:0.13.26-1.el6cf.noarch",
            "6Server-CloudEngine:aeolus-configserver-0:0.4.12-3.el6cf.noarch",
            "6Server-CloudEngine:aeolus-configserver-0:0.4.12-3.el6cf.src",
            "6Server-CloudEngine:imagefactory-0:1.0.3-1.el6cf.noarch",
            "6Server-CloudEngine:imagefactory-0:1.0.3-1.el6cf.src",
            "6Server-CloudEngine:imagefactory-jeosconf-ec2-fedora-0:1.0.3-1.el6cf.noarch",
            "6Server-CloudEngine:imagefactory-jeosconf-ec2-rhel-0:1.0.3-1.el6cf.noarch",
            "6Server-CloudEngine:oz-0:0.8.0-8.el6cf.noarch",
            "6Server-CloudEngine:oz-0:0.8.0-8.el6cf.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Conductor: Unprivileged user can change their own Maximum Running Instances quota"
    }
  ]
}