CVE-2017-2639

Name of the Vulnerable Software and Affected Versions: CloudForms (affected versions not specified)

Description: The issue arises from CloudForms not verifying that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This could allow an attacker to spoof RHEV or OpenShift systems, potentially leading to the harvesting of sensitive information from CloudForms.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.