{"api_version":"1","generated_at":"2026-04-23T07:55:49+00:00","cve":"CVE-2017-2614","urls":{"html":"https://cve.report/CVE-2017-2614","api":"https://cve.report/api/cve/CVE-2017-2614.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-2614","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-2614"},"summary":{"title":"CVE-2017-2614","description":"When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2018-07-27 18:29:00","updated_at":"2019-10-09 23:26:00"},"problem_types":["CWE-640"],"metrics":[],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0257.html","name":"RHSA-2017:0257","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2614","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2614","refsource":"CONFIRM","tags":["Issue Tracking","Vendor Advisory"],"title":"1417702 – (CVE-2017-2614) CVE-2017-2614 rhev-m-4: Fails to validate existing expired passwords when changing a password","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-2614","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2614","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"2614","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"enterprise_virtualization","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"2614","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"enterprise_virtualization","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secalert@redhat.com","ID":"CVE-2017-2614","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"ovirt-engine-extension-aaa-jdbc","version":{"version_data":[{"version_value":"1.1.3"}]}}]},"vendor_name":"Red Hat"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts."}]},"impact":{"cvss":[[{"vectorString":"6.8/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L","version":"3.0"}]]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-20"}]}]},"references":{"reference_data":[{"name":"RHSA-2017:0257","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2017-0257.html"},{"name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2614","refsource":"CONFIRM","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2614"}]}},"nvd":{"publishedDate":"2018-07-27 18:29:00","lastModifiedDate":"2019-10-09 23:26:00","problem_types":["CWE-640"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW","baseScore":6.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2,"impactScore":3.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:enterprise_virtualization:4.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"2614","Ordinal":"98753","Title":"CVE-2017-2614","CVE":"CVE-2017-2614","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"2614","Ordinal":"1","NoteData":"When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"2614","Ordinal":"2","NoteData":"2018-07-27","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"2614","Ordinal":"3","NoteData":"2018-07-28","Type":"Other","Title":"Modified"}]}}}