CVE-2020-15526

MEDIUM

Redgate SQL Monitor 7.1.4-10.1.6 - Improper Certificate Validation in Alert Notifications and VMware Monitoring

Description

In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for disabling some TLS security certificate checks can extend beyond that defined by various options on the Configuration > Notifications pages to disable certificate checking for alert notifications. These TLS security checks are also ignored during monitoring of VMware machines. This would make SQL Monitor vulnerable to potential man-in-the-middle attacks when sending alert notification emails, posting to Slack or posting to webhooks. The vulnerability is fixed in version 10.1.7.

Scores

CVSS v3: 5.9
EPSS: 0.0050
EPSS Percentile: 38.7%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-295
Status: published
Products: red-gate/sql_monitor 7.1.4 - 10.1.6
Published: Jul 09, 2020
Tracked Since: Feb 18, 2026