CVE-2017-2614 | Date: (C)2018-07-30 (M)2023-12-22 |
When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V3 Severity: | CVSS V2 Severity: |
CVSS Score : 6.3 | CVSS Score : 2.1 |
Exploit Score: 2.0 | Exploit Score: 3.9 |
Impact Score: 3.7 | Impact Score: 2.9 |
|
CVSS V3 Metrics: | CVSS V2 Metrics: |
Attack Vector: LOCAL | Access Vector: LOCAL |
Attack Complexity: LOW | Access Complexity: LOW |
Privileges Required: LOW | Authentication: NONE |
User Interaction: NONE | Confidentiality: NONE |
Scope: CHANGED | Integrity: PARTIAL |
Confidentiality: LOW | Availability: NONE |
Integrity: LOW | |
Availability: LOW | |
| |