CVE-2012-3533 — Ovirt-engine-cli vulnerability

CWE-3105 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
0.3%
top 47.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Ovirt Ovirt-engine-cliOvirt
Timeline
PublishedAug 31
Latest updateMay 17

Description

The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

â–¶NVDovirt/ovirt-engine-cli3.1.0.5
â–¶NVDovirt/ovirt3.1

🔴Vulnerability Details

2
GHSA
GHSA-9rch-5m7j-5mjm: The python SDK before 3↗2022-05-17
â–¶
CVEList
CVE-2012-3533: The python SDK before 3↗2012-08-31
â–¶

💬Community

2
Bugzilla
CVE-2012-3533 ovirt 3.1: does not validate server identity in new python SDK and CLI↗2012-08-24
â–¶
Bugzilla
CVE-2012-3533 ovirt 3.1: does not validate server identity in new python SDK and CLI [fedora-all]↗2012-08-24
â–¶
CVE-2012-3533 — Ovirt Ovirt-engine-cli vulnerability | cvebase