CVE Vulnerabilities

CVE-2013-6434

Published: Jan 24, 2014 | Modified: Jan 24, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
4.3 IMPORTANT
AV:A/AC:H/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu

The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server.

Affected Software

Name Vendor Start Version End Version
Enterprise_virtualization_manager Redhat 2.1 2.1
Enterprise_virtualization_manager Redhat 2.2 2.2
Enterprise_virtualization_manager Redhat 2.2.3 2.2.3
Enterprise_virtualization_manager Redhat 3.0 3.0
Enterprise_virtualization_manager Redhat 3.1 3.1
Enterprise_virtualization_manager Redhat * 3.2
RHEV Manager version 3.3 RedHat org.ovirt.engine-root-0:3.3.0-45 *

References