← Voltar para CVEs
CVE-2009-3552
LOW3.1
Descricao
In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform.
Detalhes CVE
Pontuacao CVSS v3.13.1
SeveridadeLOW
Vetor CVSSCVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Vetor de ataqueADJACENT_NETWORK
ComplexidadeHIGH
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado11/9/2019
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
redhat:enterprise_virtualization_manager
Fraquezas (CWE)
CWE-295
Referencias
https://access.redhat.com/security/cve/cve-2009-3552(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3552(secalert@redhat.com)
https://www.securityfocus.com/bid/42639(secalert@redhat.com)
https://access.redhat.com/security/cve/cve-2009-3552(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3552(af854a3a-2127-422b-91ae-364da2661108)
https://www.securityfocus.com/bid/42639(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.