Vulnerability Details CVE-2014-0161
ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an arbitrary valid certificate.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.1%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
Products affected by CVE-2014-0161
-
cpe:2.3:a:ovirt-engine-sdk-python_project:ovirt-engine-sdk-python:*
-
cpe:2.3:a:ovirt-engine-sdk-python_project:ovirt-engine-sdk-python:3.3.0.3-1
-
cpe:2.3:a:ovirt-engine-sdk-python_project:ovirt-engine-sdk-python:3.3.0.6-1
-
cpe:2.3:a:ovirt-engine-sdk-python_project:ovirt-engine-sdk-python:3.3.0.7-1
-
cpe:2.3:a:ovirt-engine-sdk-python_project:ovirt-engine-sdk-python:3.3.0.8-1
-
cpe:2.3:a:ovirt-engine-sdk-python_project:ovirt-engine-sdk-python:3.3.5.0
-
cpe:2.3:a:ovirt-engine-sdk-python_project:ovirt-engine-sdk-python:3.4.0.1-1
-
cpe:2.3:a:ovirt-engine-sdk-python_project:ovirt-engine-sdk-python:3.4.0.2
-
cpe:2.3:a:ovirt-engine-sdk-python_project:ovirt-engine-sdk-python:3.4.0.6