CVE-2014-8167

CWE-295 — Improper Certificate Validation CWE-2975 documents5 sources

Severity

5.9MEDIUM

EPSS

0.3%

top 49.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vdsm AND Vdsclient Vdsm AND Vdsclient Redhat Enterprise Virtualization

Timeline

PublishedNov 13

Latest updateMay 17

Description

vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5vdsm_and_vdsclient/vdsm_and_vdsclientthrough 2014-11-18

▶NVDredhat/enterprise_virtualization3.0

🔴Vulnerability Details

GHSA

GHSA-h68j-mvrw-qh9v: vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack↗2022-05-17

▶

CVEList

CVE-2014-8167: vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack↗2019-11-13

▶

📋Vendor Advisories

Red Hat

vdsclient: does not validate certficate hostname from another vdsm↗2014-02-03

▶

💬Community

Bugzilla

CVE-2014-8167 vdsm and vdsclient: does not validate certficate hostname from another vdsm↗2014-11-18

▶