4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
An attacker might exploit this vulnerability using man-in-the-middle techniques to obtain sensitive information. The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl. It allows remote attackers to obtain sensitive information by sniffing the network.
CVE ID:CVE-2013-6491
DESCRIPTION:
OpenStack Compute SSL information disclosure
CVSS:
CVSS Base Score: 4.3
_CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/90915>__ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
IBM SmartCloud Orchestrator V2.3, V2.3 Fix Pack 1, V2.2, and V2.2 Fix Pack 1
The recommended solution is to apply the fix as soon as practical. Upgrade to IBM SmartCloud Orchestrator 2.3 Fix Pack 1 Interim Fix 4.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm smartcloud orchestrator | eq | 2.2 | |
ibm smartcloud orchestrator | eq | 2.2.0.1 | |
ibm smartcloud orchestrator | eq | 2.3 |