{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-03T19:58:05.259","vulnerabilities":[{"cve":{"id":"CVE-2017-2614","sourceIdentifier":"secalert@redhat.com","published":"2018-07-27T18:29:00.687","lastModified":"2024-11-21T03:23:50.067","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts."},{"lang":"es","value":"Cuando se actualiza una contraseña en la base de datos rhvm, las herramientas de ovirt-aaaa-jdbc-tool en versiones anteriores a la 1.1.3 no verifican correctamente si la contraseña actual ha caducado. Esto permitiría el acceso a un atacante con acceso para cambiar la contraseña en cuentas con contraseñas caducadas, obteniendo acceso a esas cuentas."}],"metrics":{"cvssMetricV30":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.5,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.0,"impactScore":3.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-640"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:enterprise_virtualization:4.0:*:*:*:*:*:*:*","matchCriteriaId":"12544770-1AF9-4DD3-BC72-579DA0BC0F3E"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0257.html","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2614","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0257.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2614","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]}]}}]}