CVE-2014-8164

CWE-295 — Improper Certificate Validation5 documents5 sources

Severity

9.1CRITICAL

EPSS

0.1%

top 65.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Cloudforms Management Engine

Timeline

PublishedJul 6

Latest updateJul 7

Description

A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5red_hat_cloudformsRed Hat CloudForms 5.x

▶NVDredhat/cloudforms_management_engine5.0

🔴Vulnerability Details

GHSA

GHSA-c5wm-wjmg-6v8p: A insecure configuration for certificate verification (http↗2022-07-07

▶

CVEList

CVE-2014-8164: A insecure configuration for certificate verification (http↗2022-07-06

▶

📋Vendor Advisories

Red Hat

CFME: http.verify_mode = OpenSSL::SSL::VERIFY_NONE↗2015-01-16

▶

💬Community

Bugzilla

CVE-2014-8164 CFME: http.verify_mode = OpenSSL::SSL::VERIFY_NONE↗2014-10-09

▶