Password Update Vulnerability in oVirt by Red Hat
CVE-2017-2614

6.8MEDIUM

Key Information:

Vendor: Red Hat
Status: Ovirt-engine-extension-aaa-jdbc
Vendor: CVE Published:; 27 July 2018

What is CVE-2017-2614?

The oVirt AAA JDBC tool versions prior to 1.1.3 contain a significant security flaw that occurs when users attempt to update their passwords within the RHVM database. This vulnerability allows an attacker with necessary access to manipulate the password for accounts associated with expired credentials. The lack of proper validation for current passwords during the update process could potentially lead to unauthorized account access, enhancing the risk of data breaches and other malicious activities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ovirt-engine-extension-aaa-jdbc 1.1.3

References

http://rhn.redhat.com/errata/RHSA-2017-0257.html

vendor-advisoryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2614

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 27, 2018
Vulnerability Reserved
Dec 1, 2016

JSON

Red Hat