In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for disabling some TLS security certificate checks can extend beyond that defined by various options on the Configuration > Notifications pages to disable certificate checking for alert notifications. These TLS security checks are also ignored during monitoring of VMware machines. This would make SQL Monitor vulnerable to potential man-in-the-middle attacks when sending alert notification emails, posting to Slack or posting to webhooks. The vulnerability is fixed in version 10.1.7.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-07-09T16:40:52
Updated: 2024-08-04T13:15:20.780Z
Reserved: 2020-07-04T00:00:00
Link: CVE-2020-15526
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-07-09T17:15:12.310
Modified: 2024-11-21T05:05:41.813
Link: CVE-2020-15526
Redhat
No data.