icon

We found results for “

CVE-2017-2614

Good to know:

icon

Date: July 27, 2018

When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts.

Language: Java

Severity Score

Severity Score

Weakness Type (CWE)

Weak Password Recovery Mechanism for Forgotten Password

CWE-640

Top Fix

icon

Upgrade Version

Upgrade to version v1.1.4-1

Learn More

CVSS v3

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privilegs Required (PR): LOW
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us