First published: Wed Nov 13 2019
vdsm and vdsclient do not validate the certificate hostname from another vdsm, which could facilitate a man-in-the-middle attack
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Enterprise Virtualization | =3.0 | |
Redhat Vdsclient | | |
Redhat Virtual Desktop Server Manager | | |
CVE-2014-8167 is a vulnerability in vdsm and vdsclient that allows a man-in-the-middle attack due to the lack of certificate hostname validation.
CVE-2014-8167 affects Redhat Enterprise Virtualization version 3.0, allowing a man-in-the-middle attack.
Yes, CVE-2014-8167 also affects Redhat Vdsclient, enabling a man-in-the-middle attack.
Yes, Redhat Virtual Desktop Server Manager is impacted by CVE-2014-8167 and can be vulnerable to a man-in-the-middle attack.
CVE-2014-8167 has a severity rating of 5.9 (medium).
The CWE ID for CVE-2014-8167 is 295.
To fix CVE-2014-8167, update vdsm and vdsclient to versions that include certificate hostname validation.
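
As an added illustration (not vdsm's or vdsclient's code, and not part of the original advisory), the Python sketch below contrasts a TLS client context that verifies only the certificate chain with one that also checks the hostname, and shows the comparison a hostname check performs. The host names and certificate dictionaries are constructed, and the helper names are hypothetical.

```python
import ssl

def strict_client_context(ca_file=None):
    """Verify the certificate chain AND that the cert names the peer we dialed."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx

def chain_only_context(ca_file=None):
    """Weak pattern (CWE-295): the chain is verified, the hostname is not."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.check_hostname = False  # any certificate from a trusted CA is accepted
    return ctx

def _name_matches(pattern, host):
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p == h:
        return True
    if p.startswith("*."):  # wildcard covers exactly one left-most label
        head, _, rest = h.partition(".")
        return bool(head) and rest == p[2:] and "." in rest
    return False

def cert_matches_host(cert, expected_host):
    """Check DNS subjectAltName entries of an ssl.getpeercert()-style dict."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(_name_matches(name, expected_host) for name in sans)

# Constructed sample certificates (both assumed to be issued by the same CA).
HOST_A_CERT = {"subjectAltName": (("DNS", "host-a.example.test"),)}
HOST_B_CERT = {"subjectAltName": (("DNS", "host-b.example.test"),)}

if __name__ == "__main__":
    dialed = "host-a.example.test"
    for label, cert in (("host-a", HOST_A_CERT), ("host-b", HOST_B_CERT)):
        print(label, "cert accepted for", dialed, "->", cert_matches_host(cert, dialed))
```

Both sample certificates would pass chain verification under a shared CA; only the hostname comparison tells the intended peer apart from another holder of a valid certificate.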