Lucene search
RedhatCVE-2014-3485HistoryJul 11, 2014 - 2:55 p.m.
CVE-2014-3485
2014-07-1114:55:03
CWE-200
redhat
web.nvd.nist.gov
30
rest api
ovirt-engine
remote authentication
xxe
cve-2014-3485
nvd
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
6.6
Confidence
Low
EPSS
0.001
Percentile
46.3%
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.
Affected configurations
Node
redhatenterprise_virtualizationMatch3.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_virtualization | 3.4 | cpe:2.3:a:redhat:enterprise_virtualization:3.4:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2014-3485
2014-07-11 14:55:03
prion
prion
Xxe
2014-07-11 14:55:00
redhat
redhat
(RHSA-2014:0814) Moderate: rhevm security update
2014-06-30 00:00:00
nessus
nessus
RHEL 6 : rhevm (RHSA-2014:0814)
2014-11-08 00:00:00
cvelist
cvelist
CVE-2014-3485
2014-07-11 14:00:00
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
6.6
Confidence
Low
EPSS
0.001
Percentile
46.3%
Related for CVE-2014-3485