Lucene search

[email protected]NVD:CVE-2017-2614

HistoryJul 27, 2018 - 6:29 p.m.

CVE-2017-2614

2018-07-2718:29:00

CWE-20

CWE-640

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

6.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

AI Score

6.6

Confidence

High

EPSS

Percentile

12.6%

JSON

When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts.

Affected configurations

Nvd

Node

redhatenterprise_virtualizationMatch4.0

VendorProductVersionCPE
redhatenterprise_virtualization4.0cpe:2.3:a:redhat:enterprise_virtualization:4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	enterprise_virtualization	4.0	cpe:2.3:a:redhat:enterprise_virtualization:4.0:::::::*

References

rhn.redhat.com/errata/RHSA-2017-0257.html

bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2614

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

6.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

AI Score

6.6

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2017-2614

prion1 cve1 veracode1 cvelist1 nessus1 redhatcve1 redhat1