CyberSec.Space Logo
Back to CVE Browser

CVE-2016-4474

HIGH
8.8
CVSS Severity Score
EPSS Score0.0650%
EPSS Percentile39.47th
PublishedJun 30, 2016
Last ModifiedMay 6, 2026

Vulnerability Description

The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors.

Affected Platforms (CPE)

πŸ“¦
Redhat

Openstack

= 7.0
πŸ“¦
Redhat

Openstack

= 8

References & Advisories

πŸ”— http://rhn.redhat.com/errata/RHSA-2016-1222.html
πŸ”— https://access.redhat.com/security/vulnerabilities/2359821
πŸ”— https://rhn.redhat.com/errata/RHSA-2016-1223.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2016-1222.html
πŸ”— https://access.redhat.com/security/vulnerabilities/2359821
πŸ”— https://rhn.redhat.com/errata/RHSA-2016-1223.html

Related Vulnerabilities

CVE-2015-184210.0

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for th...

CVE-2020-269439.9

An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboar...

CVE-2020-107319.9

A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabl...

CVE-2017-26379.9

A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. L...