CVE-2020-15526

In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for disabling some TLS security certificate checks can extend beyond that defined by various options on the Configuration > Notifications pages to disable certificate checking for alert notifications. These TLS security checks are also ignored during monitoring of VMware machines. This would make SQL Monitor vulnerable to potential man-in-the-middle attacks when sending alert notification emails, posting to Slack or posting to webhooks. The vulnerability is fixed in version 10.1.7.
Configurations

Configuration 1 (hide)

cpe:2.3:a:red-gate:sql_monitor:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:05

Type Values Removed Values Added
References () https://www.red-gate.com/privacy-and-security/vulnerabilities/2020-07-08-sql-monitorĀ - Vendor Advisory () https://www.red-gate.com/privacy-and-security/vulnerabilities/2020-07-08-sql-monitorĀ - Vendor Advisory

Information

Published : 2020-07-09 17:15

Updated : 2024-11-21 05:05


NVD link : CVE-2020-15526

Mitre link : CVE-2020-15526

CVE.ORG link : CVE-2020-15526


JSON object : View

Products Affected

red-gate

  • sql_monitor
CWE
CWE-295

Improper Certificate Validation