CVE-2009-3552

{"id": "CVE-2009-3552", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.9, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 5.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.6}]}, "published": "2019-11-09T03:15:10.307", "references": [{"url": "https://access.redhat.com/security/cve/cve-2009-3552", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3552", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.securityfocus.com/bid/42639", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform."}, {"lang": "es", "value": "En RHEV-M VDC versi\u00f3n 2.2.0, se detect\u00f3 que el certificado SSL no fue comprobado cuando se usaba la interfaz Red Hat Enterprise Virtualization Manager del lado del cliente (una aplicaci\u00f3n de navegador XAML de Windows Presentation Foundation (WPF)) para conectar con el Red Hat Enterprise Virtualization Manager. Un atacante en la red local podr\u00eda utilizar este fallo para conducir un ataque de tipo man-in-the-middle, enga\u00f1ando al usuario para que piense que est\u00e1 visualizando el Red Hat Enterprise Virtualization Manager cuando el contenido est\u00e1 realmente controlado por el atacante, o modificando acciones que un usuario solicit\u00f3 a Red Hat Enterprise Virtualization Manager realizar."}], "lastModified": "2019-11-12T21:56:26.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_virtualization_manager:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD61E07C-8CE1-4EC5-88FD-5410CB42D944"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}