Password Update Vulnerability in oVirt by Red Hat
CVE-2017-2614

6.8MEDIUM

Key Information:

Vendor: Red Hat
Status: Ovirt-engine-extension-aaa-jdbc
Vendor: CVE Published:; 27 July 2018

Summary

The oVirt AAA JDBC tool versions prior to 1.1.3 contain a significant security flaw that occurs when users attempt to update their passwords within the RHVM database. This vulnerability allows an attacker with necessary access to manipulate the password for accounts associated with expired credentials. The lack of proper validation for current passwords during the update process could potentially lead to unauthorized account access, enhancing the risk of data breaches and other malicious activities.

Affected Version(s)

ovirt-engine-extension-aaa-jdbc 1.1.3

References

http://rhn.redhat.com/errata/RHSA-2017-0257.html

vendor-advisoryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2614

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 27, 2018
Vulnerability Reserved
Dec 1, 2016