Vulnerability Details CVE-2017-2614
When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.7%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 2.1
References
Products affected by CVE-2017-2614
-
cpe:2.3:a:redhat:enterprise_virtualization:4.0