CVE-2017-2639

It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms.

Published: 2018-07-27 13:29

Updated: 2018-10-02 12:09

CVSS Score: 5.0 / 10

| Vendor | Product | Version | URI |
|---|---|---|---|
| Redhat | Cloudforms | 4.5 | cpe:/a:redhat:cloudforms:4.5 |
| Redhat | Cloudforms Management Engine | 5.8 | cpe:/a:redhat:cloudforms_management_engine:5.8 |

CWE

| ID | Name | Description |
|---|---|---|
| CWE-295 | Improper Certificate Validation | The software does not validate, or incorrectly validates, a certificate. |

History of changes

Date Event
2018-10-02 12:09
2018-07-29 01:29
2018-07-27 13:29

New CVE