ROSA LABROSA-SA-2021-1958Advisory ROSA-SA-2021-1958
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
64.9%
Software: pywbem 0.7.0
OS: Cobalt 7.9
CVE-ID: CVE-2013-6418
CVE-Crit: HIGH
CVE-DESC: PyWBEM 0.7 and earlier versions use a separate connection to validate X.509 certificates, which allows “attacker-in-the-middle” attackers to trick a peer node with an arbitrary certificate.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2013-6444
CVE-Crit: HIGH
CVE-DESC: PyWBEM 0.7 and earlier does not verify that the server hostname matches the domain name in the Common Name (CN) or subjectAltName field of an X.509 certificate subject, allowing intermediary attackers to spoof SSL. servers via an arbitrary valid certificate.
CVE-STATUS: default
CVE-REV: default
Related
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
64.9%