The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) prior to 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote malicious users to execute arbitrary Python code via a man-in-the-middle attack.
Vulnerable Product |
---|
redhat enterprise virtualization manager 2.1 |
redhat enterprise virtualization manager 2.2.3 |
redhat enterprise virtualization manager 2.2 |
redhat enterprise virtualization manager |
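
The check below is an added example, not code from RHEV-M or from this advisory: it scans installer-style shell text for curl calls that turn off certificate validation with `-k` (alone or inside a short-option cluster) or `--insecure`, the flaw described above. The sample script, the `manager.example` host, the CA path and the function names are constructed for illustration.

```python
import shlex

# Short curl options that take a value: in "-opkg.py" the "k" is part of a file name.
SHORT_WITH_ARG = set("AbcCdDeEFHKmoPQrtTuUwxXyYz")

# Constructed sample input, not the real vds_installer.
SAMPLE = """\
curl -s -k -o deployUtil.py https://manager.example/deployUtil.py
curl -sSko vds_bootstrap.py https://manager.example/vds_bootstrap.py
curl -s --cacert /etc/pki/ca.pem -opkg.py https://manager.example/pkg.py
/usr/bin/curl --insecure https://manager.example/deployUtil.py | python
"""

def disables_tls_check(args):
    """True if curl arguments contain -k (alone or clustered) or --insecure."""
    skip = False
    for tok in args:
        if skip:                       # this token is a short option's value
            skip = False
            continue
        if tok == "--insecure":
            return True
        if tok.startswith("-") and not tok.startswith("--"):
            for i, ch in enumerate(tok[1:], start=1):
                if ch == "k":
                    return True
                if ch in SHORT_WITH_ARG:
                    skip = (i == len(tok) - 1)   # value is the next token
                    break
    return False

def find_insecure_curl(script_text):
    """Return line numbers of curl calls that skip certificate validation."""
    hits = []
    for n, line in enumerate(script_text.splitlines(), start=1):
        lex = shlex.shlex(line, posix=True, punctuation_chars=True)
        lex.whitespace_split = True
        try:
            tokens = list(lex) + [";"]
        except ValueError:             # unbalanced quote: plain split
            tokens = line.split() + [";"]
        cmd = []
        for tok in tokens:
            if tok and set(tok) <= set("|&;()"):   # end of one command
                names = [t.split("/")[-1] for t in cmd]
                if "curl" in names and disables_tls_check(cmd[names.index("curl") + 1:]):
                    hits.append(n)
                cmd = []
            else:
                cmd.append(tok)
    return hits
```

Values of long options are not tracked, so this is a review aid rather than a full curl argument parser; the third sample line shows the validated form, pinning a CA with `--cacert`.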