CVE-2014-3706

CWE-295 — Improper Certificate Validation5 documents5 sources

Severity

5.9MEDIUM

EPSS

0.2%

top 55.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise MRG

Timeline

PublishedOct 18

Latest updateMay 17

Description

ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

▶NVDredhat/enterprise_mrg3.0

🔴Vulnerability Details

GHSA

GHSA-g7pg-wj9c-h3j9: ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X↗2022-05-17

▶

CVEList

CVE-2014-3706: ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X↗2017-10-18

▶

📋Vendor Advisories

Red Hat

ovirt-engine: connection does not validate certificate attributes.↗2015-02-20

▶

💬Community

Bugzilla

CVE-2014-3706 ovirt-engine: connection does not validate certificate attributes.↗2014-10-21

▶