CVE-2017-2614

Name of the Vulnerable Software and Affected Versions: ovirt-aaa-jdbc-tool versions prior to 1.1.3

Description: The issue allows an attacker to change passwords on accounts with expired passwords, gaining access to those accounts, due to a failure in correctly checking the current password when updating it in the rhvm database.

Recommendations: For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to password change functionality for accounts with expired passwords until the update is applied.