Yaniv Kaul

#53111 of 53,632
2.9 Total CVSS
Vulnerabilities · 1
PT-2019-6504
2.9
2019-11-09
Red Hat · Rhev-M Vdc · CVE-2009-3552
**Name of the Vulnerable Software and Affected Versions**

RHEV-M VDC version 2.2.0

**Description**

The issue is related to the lack of SSL certificate verification when using the client-side Red Hat Enterprise Virtualization Manager interface to connect to the Red Hat Enterprise Virtualization Manager. This could allow an attacker on the local network to conduct a man-in-the-middle attack, potentially tricking the user into viewing attacker-controlled content or modifying user-requested actions.

**Recommendations**

For RHEV-M VDC version 2.2.0, consider disabling the use of the client-side Red Hat Enterprise Virtualization Manager interface until a patch is available to verify SSL certificates and prevent man-in-the-middle attacks. Restrict access to the Red Hat Enterprise Virtualization Manager to minimize the risk of exploitation.