When updating a password in the rhvm database, the ovirt-aaa-jdbc-tool tool fails to correctly check the current password if it is expired. An attacker with access to change the password could use this to change the password on accounts with expired passwords and gain access to those accounts.
Find out more about CVE-2017-2614 from the MITRE CVE dictionary and NIST NVD.
CVSS3 Base Score | 6.8 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L |
Attack Vector | Local |
Attack Complexity | Low |
Privileges Required | None |
User Interaction | None |
Scope | Changed |
Confidentiality | Low |
Integrity Impact | Low |
Availability Impact | Low |

Platform | Errata | Release Date |
---|---|---|
Red Hat Virtualization 4 (ovirt-engine-extension-aaa-jdbc) | RHSA-2017:0257 | 2017-02-06 |