CVE-2021-3494

CVE-2021-3494 · PUBLISHED · CVSS 5.9 MEDIUM

The Foreman smart proxy, which provides a RESTful API to various Foreman subsystems, is affected by a flaw that allows a man-in-the-middle attack. The FreeIPA module of the Foreman smart proxy does not check the SSL certificate, so an unauthenticated attacker can perform actions in FreeIPA if certain conditions are met. The highest threat from this flaw is to system confidentiality. This flaw affects Foreman versions before 2.5.0.

EPSS 0.27% · 50.6th percentile

Risk Scores

CVSS v3.1
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.27%
50.6th percentile

Affected Products

Vendor        Product    Versions
n/a           foreman    foreman 2.5.0
theforeman    foreman    0

Timeline

  • Apr 26, 2021 CVE Published
  • Apr 27, 2021 EPSS Score
  • Jun 30, 2021 EPSS Score
  • Aug 31, 2021 EPSS Score
  • Nov 2, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 6, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 7, 2022 EPSS Score
  • Jul 8, 2022 EPSS Score
  • Sep 10, 2022 EPSS Score