CVE-2021-3494

EPSS 0.25%
Veröffentlicht 26.04.2021 15:15:07
Zuletzt bearbeitet 21.11.2024 06:21:40
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if certain conditions are met. The highest threat from this flaw is to system confidentiality. This flaw affects Foreman versions before 2.5.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Theforeman ≫ Foreman Version < 2.5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.452

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://bugzilla.redhat.com/show_bug.cgi?id=1948005

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2021-3494

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-3494

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-3494

EUVD