{
  "threat_severity" : "Moderate",
  "public_date" : "2023-08-29T00:00:00Z",
  "bugzilla" : {
    "description" : "hotrod-client: Hot Rod client does not enable hostname validation when using TLS, which can lead to a MITM attack",
    "id" : "2235564",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2235564"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-20",
  "details" : [ "A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.", "A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Data Grid 8.4.6",
    "release_date" : "2023-12-06T00:00:00Z",
    "advisory" : "RHSA-2023:7676",
    "cpe" : "cpe:/a:redhat:jboss_data_grid:8",
    "package" : "hotrod-client"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-4586\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4586" ],
  "name" : "CVE-2023-4586",
  "mitigation" : {
    "value" : "No mitigation is currently available for this vulnerability",
    "lang" : "en:us"
  },
  "csaw" : false
}