Lucene search
RedhatCVE-2014-3573HistoryOct 18, 2014 - 12:55 a.m.
CVE-2014-3573
2014-10-1800:55:04
CWE-20
redhat
web.nvd.nist.gov
27
cve-2014-3573
ovirt engine
red hat enterprise virtualization manager
xml
xxe
security vulnerability
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
7.3
Confidence
High
EPSS
0.002
Percentile
61.1%
The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an “insecure DocumentBuilderFactory,” which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related to an XML External Entity (XXE) issue.
Affected configurations
Node
redhatenterprise_virtualization_managerRange≤3.4.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_virtualization_manager | * | cpe:2.3:a:redhat:enterprise_virtualization_manager:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2014-3573
2014-10-18 00:00:00
prion
prion
Xxe
2014-10-18 00:55:00
redhat
redhat
nessus
nessus
RHEL 6 : Virtualization Manager (RHSA-2014:1161)
2014-11-08 00:00:00
nvd
nvd
CVE-2014-3573
2014-10-18 00:55:04
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
7.3
Confidence
High
EPSS
0.002
Percentile
61.1%
Related for CVE-2014-3573