Merge branch 'CVE-2017-2614' of https://github.com/RedHatProductSecurity/cvelist into cna/redhat/masspub/20180727

2025-06-12 02:05:39 +00:00 · 2018-07-27 11:20:57 -04:00 · 2018-07-27 11:20:57 -04:00 · f0a18c1e98
commit f0a18c1e98
parent 69c51224d1 dda3aa0bcc
1 changed files with 69 additions and 16 deletions
--- a/2017/2xxx/CVE-2017-2614.json
+++ b/2017/2xxx/CVE-2017-2614.json
@ -1,18 +1,71 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2017-2614",
-      "STATE" : "RESERVED"
-   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
-         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
-         }
-      ]
-   }
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2017-2614",
+        "ASSIGNER": "anemec@redhat.com"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Red Hat",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "ovirt-engine-extension-aaa-jdbc",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "1.1.3"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-20"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2614",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2614",
+                "refsource": "CONFIRM"
+            }
+        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts."
+            }
+        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "6.8/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
+                    "version": "3.0"
+                }
+            ]
+        ]
+    }
 }