Unrated severityNVD Advisory· Published Aug 31, 2012· Updated Apr 29, 2026

CVE-2012-3533

Description

The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack.

Affected products

Ovirt Engine Sdk/3105
cpe:2.3:a:ovirt-engine-sdk:3.1.0.5:*:*:*:*:*:*:*:*
Ovirt/Ovirt
cpe:2.3:a:ovirt:ovirt:3.1:*:*:*:*:*:*:*
Ovirt/Ovirt Engine Cli
cpe:2.3:a:ovirt:ovirt-engine-cli:*:*:*:*:*:*:*:*
Range: <=3.1.0.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/50409nvdVendor Advisory
gerrit.ovirt.orgnvd
gerrit.ovirt.orgnvd
www.openwall.com/lists/oss-security/2012/08/24/6nvd
www.openwall.com/lists/oss-security/2012/08/26/1nvd
www.securityfocus.com/bid/55208nvd
bugzilla.redhat.com/show_bug.cginvd
exchange.xforce.ibmcloud.com/vulnerabilities/77984nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000