Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-2614

When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts.

Published

2018-07-27T18:29:00.687

Last Modified

2024-11-21T03:23:50.067

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.8 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-20
Type: Primary
CWE-640

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	enterprise_virtualization	4.0	Yes

References

http://rhn.redhat.com/errata/RHSA-2017-0257.html Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2614 Issue Tracking, Vendor Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2017-0257.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2614 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)