5
CVSSv2

CVE-2012-3533

Published: 31/08/2012 Updated: 29/08/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The python SDK prior to 3.1.0.6 and CLI prior to 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote malicious users to spoof a server via a man-in-the-middle (MITM) attack.

Affected Products

Vendor Product Versions
OvirtOvirt3.1
OvirtOvirt-engine-cli3.1.0.5
Ovirt-engine-sdk3.1.0.5*