EUVD-2017-11799

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

CloudForms lacks hostname verification for custom CA, risking RHEV and OpenShift spoofing attacks.

Reporter	Title	Published	Views	Family All 13
CNVD	Red Hat CloudForms Management Engine Information Disclosure Vulnerability	2 Jun 201700:00	–	cnvd
CVE	CVE-2017-2639	27 Jul 201813:00	–	cve
Cvelist	CVE-2017-2639	27 Jul 201813:00	–	cvelist
NVD	CVE-2017-2639	27 Jul 201813:29	–	nvd
OSV	CVE-2017-2639	27 Jul 201813:29	–	osv
OSV	RHSA-2017:1367 Red Hat Security Advisory: CFME 5.8.0 security, bug, and enhancement update	16 Sep 202400:02	–	osv
Prion	Code injection	27 Jul 201813:29	–	prion
Positive Technologies	PT-2018-7154 · Red Hat · Openshift +2	27 Jul 201800:00	–	ptsecurity
Tenable Nessus	RHEL 7 : CFME 5.8.0 (RHSA-2017:1367)	24 Mar 202500:00	–	nessus
RedhatCVE	CVE-2017-2639	10 Oct 201910:05	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "ceee8eee-a6ac-3d94-90a6-804988cbab8f",
        "vendor": {
          "name": "[UNKNOWN]"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "1ed24608-0b60-3727-b954-8f6acb4efbf6",
        "product": {
          "name": "CloudForms"
        },
        "product_version": "n/a"
      }
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2017:1367
securityfocus	www.securityfocus.com/bid/98769
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
securitytracker	www.securitytracker.com/id/1038599
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

6.8Medium risk

Vulners AI Score6.8

CVSS 36.5 - 7.5

CVSS 25

EPSS0.00251