CVE-2017-2639

EPSS 0.52%
Published 27.07.2018 13:29:00
Last modified 21.11.2024 03:23:53
Source secalert@redhat.com
Teams watchlist Login
Open Login

It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms.

Affected products Warnungen 0 Metrics 4 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Cloudforms Version4.5

Redhat ≫ Cloudforms Management Engine Version5.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.52%	0.659

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
secalert@redhat.com	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

http://www.securitytracker.com/id/1038599

Third Party Advisory

VDB Entry

https://access.redhat.com/errata/RHSA-2017:1367

Vendor Advisory

http://www.securityfocus.com/bid/98769

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2639

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-2639

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-2639

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-2639

EUVD