Vulnerability Details CVE-2013-6434
The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.8%
CVSS Severity
CVSS v2 Score 4.3
References
Products affected by CVE-2013-6434
-
cpe:2.3:a:redhat:enterprise_virtualization_manager:2.1
-
cpe:2.3:a:redhat:enterprise_virtualization_manager:2.2
-
cpe:2.3:a:redhat:enterprise_virtualization_manager:2.2.3
-
cpe:2.3:a:redhat:enterprise_virtualization_manager:3.0
-
cpe:2.3:a:redhat:enterprise_virtualization_manager:3.1
-
cpe:2.3:a:redhat:enterprise_virtualization_manager:3.2