Home
MEDIUM: 6.1 CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:NDefault status
unaffected
AlmaLinux-8.x_SC2.0-Client-2.0
affected
AlmaLinux-8.x_SC2.0-Client-3.0
affected
CentOS-7.x_SC2.0-Client-2.0
affected
CentOS-7.x_SC2.0-Client-3.0
affected
RHEL-8.x_SC2.0-Client-2.0
affected
RHEL-8.x_SC2.0-Client-3.0
affected
Description
An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access to the local db containing weakly hashed credentials of the installer. This EOL component was deprecated in September 2023 with end of support extended till January 2024.
Problem types
CWE-863 Incorrect Authorization
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
Product status
AlmaLinux-8.x_SC2.0-Client-2.0
AlmaLinux-8.x_SC2.0-Client-3.0
CentOS-7.x_SC2.0-Client-2.0
CentOS-7.x_SC2.0-Client-3.0
RHEL-8.x_SC2.0-Client-2.0
RHEL-8.x_SC2.0-Client-3.0
Credits
Achmea Security Assessment Team (SAT)
References
saviynt.com/trust-compliance-security