Lucene search
HistoryJan 24, 2014 - 6:55 p.m.
CVE-2013-6434
rhev-m
spice server
insecure connections
man-in-the-middle
cve-2013-6434
6.5 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
35.1%
The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server.
Affected configurations
Node
redhatenterprise_virtualization_managerRange≤3.2
ORredhatenterprise_virtualization_managerMatch2.1
ORredhatenterprise_virtualization_managerMatch2.2
ORredhatenterprise_virtualization_managerMatch2.2.3
ORredhatenterprise_virtualization_managerMatch3.0
ORredhatenterprise_virtualization_managerMatch3.1
Related
prion
prion
Code injection
2014-01-24 18:55:00
ubuntucve
ubuntucve
CVE-2013-6434
2014-01-24 00:00:00
nvd
nvd
CVE-2013-6434
2014-01-24 18:55:04
redhat
redhat
nessus
nessus
RHEL 6 : Virtualization Manager (RHSA-2014:0038)
2014-11-08 00:00:00
cvelist
cvelist
CVE-2013-6434
2014-01-24 18:00:00
6.5 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
35.1%
Related for CVE-2013-6434