Unrated severityNVD Advisory· Published Jan 4, 2013· Updated Jun 16, 2026
CVE-2012-0861
CVE-2012-0861
Description
The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5cpe:2.3:a:redhat:enterprise_virtualization_manager:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:redhat:enterprise_virtualization_manager:*:*:*:*:*:*:*:*range: <=3.0
- cpe:2.3:a:redhat:enterprise_virtualization_manager:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:enterprise_virtualization_manager:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:enterprise_virtualization_manager:2.2.3:*:*:*:*:*:*:*
- Range: <3.1
Patches
Vulnerability mechanics
References
6- rhn.redhat.com/errata/RHSA-2012-1505.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2012-1506.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2012-1508.htmlnvdVendor Advisory
- www.securityfocus.com/bid/56825nvd
- www.securitytracker.com/idnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/80544nvd
News mentions
0No linked articles in our index yet.