Home > Vulnerability Database > CVE-2017-2614

Mend.io Vulnerability Database

CVE-2017-2614

Good to know:

Date: July 27, 2018

When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts.

Language: Java

Severity Score

6.3

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-2614

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2614

Url: http://rhn.redhat.com/errata/RHSA-2017-0257.html

Url: https://www.mend.io/vulnerability-database/CVE-2017-2614

Severity Score

6.3

Weakness Type (CWE)

Input Validation

CWE-20

Weak Password Recovery Mechanism for Forgotten Password

CWE-640

Top Fix

Upgrade Version

Upgrade to version v1.1.4-1

Learn More

CVSS v3

Base Score:	6.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-2614

Good to know:

Date: July 27, 2018

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?