CVE-2017-2639
published 2018-07-27CVE-2017-2639: It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with…
high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | cloudforms | — | — |
| redhat | cloudforms_management_engine | — | — |