Password Update Vulnerability in oVirt by Red Hat
CVE-2017-2614

6.8MEDIUM

Key Information:

Vendor
Red Hat
Vendor
CVE Published:
27 July 2018

Summary

The oVirt AAA JDBC tool versions prior to 1.1.3 contain a significant security flaw that occurs when users attempt to update their passwords within the RHVM database. This vulnerability allows an attacker with necessary access to manipulate the password for accounts associated with expired credentials. The lack of proper validation for current passwords during the update process could potentially lead to unauthorized account access, enhancing the risk of data breaches and other malicious activities.

Affected Version(s)

ovirt-engine-extension-aaa-jdbc 1.1.3

References

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.