CVE-2016-7060
low-risk
Published 2017-04-14
The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display.
Do I need to act?
-
0.08% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.6/10
Medium
PHYSICAL
/ LOW complexity
Affected Products (1)
Quickstart Cloud Installer
Affected Vendors
References (6)
Third Party Advisory
http://www.securityfocus.com/bid/97678
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1379909
Third Party Advisory
http://www.securityfocus.com/bid/97678
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1379909
21
/ 100
low-risk
Severity
16/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal