CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate.
References
Link | Resource |
---|---|
http://www.securitytracker.com/id/1038599 | |
https://access.redhat.com/errata/RHSA-2017:1367 | |
https://access.redhat.com/errata/RHSA-2017:1601 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1341308 | Issue Tracking Vendor Advisory |
Configurations
History
12 Feb 2023, 23:21
Type | Values Removed | Values Added |
---|---|---|
Summary | CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate. | |
References |
|
02 Feb 2023, 16:17
Type | Values Removed | Values Added |
---|---|---|
Summary | CloudForms includes a default SSL/TLS certificate for the web server. This certificate is replaced at install time. However if an attacker were able to man-in-the-middle an administrator while installing the new certificate, the attacker could get a copy of the uploaded private key allowing for future attacks. | |
References |
|
Information
Published : 2017-06-08 18:29
Updated : 2023-12-10 12:15
NVD link : CVE-2016-4457
Mitre link : CVE-2016-4457
CVE.ORG link : CVE-2016-4457
JSON object : View
Products Affected
redhat
- cloudforms_management_engine
CWE
CWE-310
Cryptographic Issues