In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for disabling some TLS security certificate checks can extend beyond that defined by various options on the Configuration > Notifications pages to disable certificate checking for alert notifications. These TLS security checks are also ignored during monitoring of VMware machines. This would make SQL Monitor vulnerable to potential man-in-the-middle attacks when sending alert notification emails, posting to Slack or posting to webhooks. The vulnerability is fixed in version 10.1.7.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-07-09T16:40:52

Updated: 2024-08-04T13:15:20.780Z

Reserved: 2020-07-04T00:00:00

Link: CVE-2020-15526

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-07-09T17:15:12.310

Modified: 2024-11-21T05:05:41.813

Link: CVE-2020-15526

cve-icon Redhat

No data.