{"containers": {"cna": {"affected": [{"product": "CloudForms", "vendor": "[UNKNOWN]", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-05-31T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-07-28T09:57:01.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "98769", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98769"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2639"}, {"name": "RHSA-2017:1367", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1367"}, {"name": "1038599", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038599"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:02:06.927Z"}, "title": "CVE Program Container", "references": [{"name": "98769", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98769"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2639"}, {"name": "RHSA-2017:1367", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1367"}, {"name": "1038599", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038599"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-2639", "datePublished": "2018-07-27T13:00:00.000Z", "dateReserved": "2016-12-01T00:00:00.000Z", "dateUpdated": "2024-08-05T14:02:06.927Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:cloudforms:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "32E1BA91-4695-4E64-A9D7-4A6CB6904D41", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:cloudforms_management_engine:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "797195CF-CED6-4B72-878C-F7E987E9932F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms."}, {"lang": "es", "value": "Se ha detectado que CloudForms no verifica que el nombre de host del servidor coincida con el nombre de dominio en el certificado cuando se utiliza una CA personalizada y se comunica con Red Hat Virtualization (RHEV) y OpenShift. Esto permitir\u00eda a un atacante falsificar sistemas RHEV u OpenShift y potencialmente obtener informaci\u00f3n sensible de CloudForms."}], "id": "CVE-2017-2639", "lastModified": "2024-11-21T03:23:53.240", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-27T13:29:00.287", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98769"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038599"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1367"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2639"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98769"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038599"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1367"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2639"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "ansible-0:2.2.1.0-2.el7", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "ansible-tower-0:3.1.2-1.el7at", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "bubblewrap-0:0.1.7-1.el7", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "cfme-0:5.8.0.17-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "cfme-appliance-0:5.8.0.17-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "cfme-gemset-0:5.8.0.17-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "erlang-0:19.0.4-1.el7at", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "freeipmi-0:1.5.1-2.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "google-compute-engine-0:2.0.0-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "google-config-0:2.0.0-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "libtomcrypt-0:1.17-23.el7", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "libtommath-0:0.42.0-4.el7", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "nginx-1:1.10.2-1.el7at", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "postgresql94-0:9.4.11-2PGDG.el7at", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "prince-0:9.0r2-10.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "python-crypto-0:2.6.1-7.el7", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "python-ecdsa-0:0.11-4.el7", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "python-httplib2-0:0.9.1-2.1.el7", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "python-keyczar-0:0.71c-2.el7", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "python-meld3-0:0.6.10-1.el7", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "python-paramiko-0:1.15.2-3.el7", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "python-passlib-0:1.6.5-1.1.el7", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rabbitmq-server-0:3.6.5-1.el7at", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-postgresql95-postgresql-pglogical-0:1.2.1-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-postgresql95-repmgr-0:3.1.3-2.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-ruby23-rubygem-bcrypt-0:3.1.10-3.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-ruby23-rubygem-eventmachine-0:1.0.7-6.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-ruby23-rubygem-ffi-0:1.9.8-4.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-ruby23-rubygem-hamlit-0:2.7.2-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-ruby23-rubygem-http_parser.rb-0:0.6.0-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-ruby23-rubygem-json-0:2.0.2-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-ruby23-rubygem-linux_block_device-0:0.2.1-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-ruby23-rubygem-memory_buffer-0:0.1.0-2.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-ruby23-rubygem-net_app_manageability-0:0.1.0-3.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-ruby23-rubygem-nio4r-0:1.2.1-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-ruby23-rubygem-nokogiri-0:1.6.8-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-ruby23-rubygem-ovirt-engine-sdk4-0:4.1.5-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-ruby23-rubygem-pg-0:0.18.2-5.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-ruby23-rubygem-pkg-config-0:1.1.7-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-ruby23-rubygem-puma-0:3.3.0-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-ruby23-rubygem-redhat_access_cfme-0:1.1.0-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-ruby23-rubygem-redhat_access_lib-0:0.1.0-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-ruby23-rubygem-rugged-0:0.25.0-b10.2.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-ruby23-rubygem-thin-0:1.7.0-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-ruby23-rubygem-unf_ext-0:0.0.7.1-3.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-ruby23-rubygem-websocket-driver-0:0.6.3-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "smem-0:1.4-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "sshpass-0:1.06-1.el7", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "supervisor-0:3.1.3-3.el7", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}, {"advisory": "RHSA-2017:1367", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "wmi-0:1.3.14-7.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-05-31T00:00:00Z"}], "bugzilla": {"description": "CloudForms: cloudforms fails to properly check certificates when communicating with RHEV and OpenShift and custom CA", "id": "1429632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429632"}, "csaw": false, "cvss": {"cvss_base_score": "7.1", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "status": "verified"}, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-295", "details": ["It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms.", "It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms."], "name": "CVE-2017-2639", "public_date": "2017-05-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-2639\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2639"], "threat_severity": "Moderate"}

{}