In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for disabling some TLS security certificate checks can extend beyond that defined by various options on the Configuration > Notifications pages to disable certificate checking for alert notifications. These TLS security checks are also ignored during monitoring of VMware machines. This would make SQL Monitor vulnerable to potential man-in-the-middle attacks when sending alert notification emails, posting to Slack or posting to webhooks. The vulnerability is fixed in version 10.1.7.
References
Link | Resource |
---|---|
https://www.red-gate.com/privacy-and-security/vulnerabilities/2020-07-08-sql-monitor | Vendor Advisory |
https://www.red-gate.com/privacy-and-security/vulnerabilities/2020-07-08-sql-monitor | Vendor Advisory |
Configurations
History
21 Nov 2024, 05:05
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.red-gate.com/privacy-and-security/vulnerabilities/2020-07-08-sql-monitorĀ - Vendor Advisory |
Information
Published : 2020-07-09 17:15
Updated : 2024-11-21 05:05
NVD link : CVE-2020-15526
Mitre link : CVE-2020-15526
CVE.ORG link : CVE-2020-15526
JSON object : View
Products Affected
red-gate
- sql_monitor
CWE
CWE-295
Improper Certificate Validation