CVE Vulnerabilities

CVE-2013-6434

Published: Jan 24, 2014 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
4.3 IMPORTANT
AV:A/AC:H/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu

The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server.

Affected Software

Name Vendor Start Version End Version
Enterprise_virtualization_manager Redhat * 3.2 (including)
Enterprise_virtualization_manager Redhat 2.1 (including) 2.1 (including)
Enterprise_virtualization_manager Redhat 2.2 (including) 2.2 (including)
Enterprise_virtualization_manager Redhat 2.2.3 (including) 2.2.3 (including)
Enterprise_virtualization_manager Redhat 3.0 (including) 3.0 (including)
Enterprise_virtualization_manager Redhat 3.1 (including) 3.1 (including)
RHEV Manager version 3.3 RedHat org.ovirt.engine-root-0:3.3.0-45 *

References