CVE-2017-2639

EPSS 0.52%
Veröffentlicht 27.07.2018 13:29:00
Zuletzt bearbeitet 21.11.2024 03:23:53
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Cloudforms Version4.5

Redhat ≫ Cloudforms Management Engine Version5.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.52%	0.659

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
secalert@redhat.com	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

http://www.securitytracker.com/id/1038599

Third Party Advisory

VDB Entry

https://access.redhat.com/errata/RHSA-2017:1367

Vendor Advisory

http://www.securityfocus.com/bid/98769

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2639

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-2639

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-2639

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-2639

EUVD