It was found that rhevm-log-collector called sosreport with the PostgreSQL database password passed as a command line parameter. A local attacker could read this password by monitoring a process listing. The password would also be written to a log file, which could potentially be read by a local attacker.
This issue was discovered by David Jorm of Red Hat Product Security.
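The exposure described above, shown next to one way of avoiding it, as an added example that is not rhevm-log-collector's code and not necessarily how the erratum fixed the issue. It assumes Linux `/proc`; the child process is a hypothetical stand-in for sosreport, the connection values are constructed, and the hardened path uses libpq's `PGPASSFILE` password file.

```python
import os, subprocess, sys, tempfile

# Stand-in for the collector's child process (hypothetical, not sosreport):
# waits on stdin so it stays alive, then echoes the password it was given.
CHILD = ("import os,sys; sys.stdin.read(); "
         "print(sys.argv[1] if len(sys.argv) > 1 else "
         "open(os.environ['PGPASSFILE']).read().strip().split(':')[-1])")

def run_child(extra_argv, env=None):
    """Start the child; return (argv any local user can read, child stdout)."""
    p = subprocess.Popen([sys.executable, "-c", CHILD] + extra_argv, env=env,
                         stdin=subprocess.PIPE, stdout=subprocess.PIPE)
    # /proc/<pid>/cmdline is world-readable by default on Linux; ps reads it.
    with open(f"/proc/{p.pid}/cmdline", "rb") as f:
        seen = f.read().split(b"\0")[:-1]
    out, _ = p.communicate(b"")
    return seen, out.strip()

def weak(password):
    """Password as a command line parameter: visible in the process listing."""
    return run_child([password])

def hardened(password):
    """Password in a 0600 pgpass file; only the file's path leaves this process."""
    fd, path = tempfile.mkstemp()          # mkstemp creates the file mode 0600
    try:
        # Format: host:port:database:user:password (constructed values).
        with os.fdopen(fd, "w") as f:
            f.write(f"localhost:5432:engine:engine:{password}\n")
        return run_child([], env=dict(os.environ, PGPASSFILE=path))
    finally:
        os.unlink(path)

def leaks(seen, password):
    """True if the password appears in any argument of the observed argv."""
    return any(password.encode() in arg for arg in seen)

if __name__ == "__main__":
    pw = "constructed-example-pw"          # constructed sample value
    for fn in (weak, hardened):
        seen, out = fn(pw)
        print(fn.__name__, "argv leaks password:", leaks(seen, pw),
              "| child received it:", out == pw.encode())
```

With the secret out of argv, a log line that records the child's command line no longer contains the password either. A real pgpass entry must backslash-escape any `:` or `\` in the password.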
Both dependencies verified, setting verified.
This issue has been addressed in the following products:
RHEV Manager version 3.4
Via RHSA-2014:1947 https://rhn.redhat.com/errata/RHSA-2014-1947.html