Vulnerability Description
In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform.
CVSS Score
3.1 (LOW)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Enterprise Virtualization Manager | 2.2 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/cve-2009-3552 (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3552 (Issue Tracking, Third Party Advisory)
- https://www.securityfocus.com/bid/42639 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2009-3552?
CVE-2009-3552 is a vulnerability with a CVSS score of 3.1 (LOW). In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML...
How severe is CVE-2009-3552?
CVE-2009-3552 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-3552?
Check the references section above for vendor advisories and patch information. Affected products include: Red Hat Enterprise Virtualization Manager.