{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright © Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated redhat-support-plugin-rhev packages that fix a security flaw \nand a bug are now available.\n\nRed Hat Product Security has rated this update as having Important \nsecurity impact. Common Vulnerability Scoring System (CVSS) base \nscores, which give detailed severity ratings, are available for each \nvulnerability from the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Red Hat Support plug-in for Red Hat Enterprise Virtualization \noffers seamless integrated access to Red Hat subscription services \nfrom the Red Hat Enterprise Virtualization administration portal. The \nplug-in provides automated functionality that enables quicker help, \nanswers, and proactive services. It offers easy and instant access to \nRed Hat exclusive knowledge, resources, engagement, and diagnostic \nfeatures.\n\nIt was found that redhat-support-plugin-rhev passed a user-specified \npath and file name directly to the command line in the log viewer \ncomponent. This could allow users with the SuperUser role on any \nEntity to execute arbitrary commands on any host in the RHEV \nenvironment. (CVE-2015-7544)\n\nAll Red Hat Enterprise Virtualization Manager users are advised to \nupgrade to these updated packages.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2016:0426",
        "url": "https://access.redhat.com/errata/RHSA-2016:0426"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1138310",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1138310"
      },
      {
        "category": "external",
        "summary": "1173074",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1173074"
      },
      {
        "category": "external",
        "summary": "1269588",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269588"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0426.json"
      }
    ],
    "title": "Red Hat Security Advisory: redhat-support-plugin-rhev security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2026-06-28T12:26:58+00:00",
      "generator": {
        "date": "2026-06-28T12:26:58+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.2.6"
        }
      },
      "id": "RHSA-2016:0426",
      "initial_release_date": "2016-03-09T20:20:37+00:00",
      "revision_history": [
        {
          "date": "2016-03-09T20:20:37+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2016-03-09T20:20:37+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-28T12:26:58+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHEV-M 3.6",
                "product": {
                  "name": "RHEV-M 3.6",
                  "product_id": "6Server-RHEV-S-3.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhev_manager:3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "redhat-support-plugin-rhev-0:3.6.0-12.el6.noarch",
                "product": {
                  "name": "redhat-support-plugin-rhev-0:3.6.0-12.el6.noarch",
                  "product_id": "redhat-support-plugin-rhev-0:3.6.0-12.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-support-plugin-rhev@3.6.0-12.el6?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "redhat-support-plugin-rhev-0:3.6.0-12.el6.src",
                "product": {
                  "name": "redhat-support-plugin-rhev-0:3.6.0-12.el6.src",
                  "product_id": "redhat-support-plugin-rhev-0:3.6.0-12.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-support-plugin-rhev@3.6.0-12.el6?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-support-plugin-rhev-0:3.6.0-12.el6.noarch as a component of RHEV-M 3.6",
          "product_id": "6Server-RHEV-S-3.6:redhat-support-plugin-rhev-0:3.6.0-12.el6.noarch"
        },
        "product_reference": "redhat-support-plugin-rhev-0:3.6.0-12.el6.noarch",
        "relates_to_product_reference": "6Server-RHEV-S-3.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-support-plugin-rhev-0:3.6.0-12.el6.src as a component of RHEV-M 3.6",
          "product_id": "6Server-RHEV-S-3.6:redhat-support-plugin-rhev-0:3.6.0-12.el6.src"
        },
        "product_reference": "redhat-support-plugin-rhev-0:3.6.0-12.el6.src",
        "relates_to_product_reference": "6Server-RHEV-S-3.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Alexander Wels"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2015-7544",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2015-10-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1269588"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that redhat-support-plugin-rhev passed a user-specified path and file name directly to the command line in the log viewer component. This could allow users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "redhat-support-plugin-rhev: Remote code execution by SuperUser role on hosts in RHEV",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHEV-S-3.6:redhat-support-plugin-rhev-0:3.6.0-12.el6.noarch",
          "6Server-RHEV-S-3.6:redhat-support-plugin-rhev-0:3.6.0-12.el6.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-7544"
        },
        {
          "category": "external",
          "summary": "RHBZ#1269588",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269588"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-7544",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-7544"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7544",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7544"
        }
      ],
      "release_date": "2015-12-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-03-09T20:20:37+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-RHEV-S-3.6:redhat-support-plugin-rhev-0:3.6.0-12.el6.noarch",
            "6Server-RHEV-S-3.6:redhat-support-plugin-rhev-0:3.6.0-12.el6.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:0426"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "products": [
            "6Server-RHEV-S-3.6:redhat-support-plugin-rhev-0:3.6.0-12.el6.noarch",
            "6Server-RHEV-S-3.6:redhat-support-plugin-rhev-0:3.6.0-12.el6.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "redhat-support-plugin-rhev: Remote code execution by SuperUser role on hosts in RHEV"
    }
  ]
}