7.5

CVE-2017-2639

It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatCloudforms Version4.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.14% 0.624
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
secalert@redhat.com 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

http://www.securitytracker.com/id/1038599
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:1367
Vendor Advisory
http://www.securityfocus.com/bid/98769
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2639
Vendor Advisory
Issue Tracking