3.1

CVE-2009-3552

In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.35% 0.27
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.1 1.6 1.4
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov 2.9 5.5 2.9
AV:A/AC:M/Au:N/C:N/I:P/A:N
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://access.redhat.com/security/cve/cve-2009-3552
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3552
Third Party Advisory
Issue Tracking
https://www.securityfocus.com/bid/42639
Third Party Advisory
VDB Entry