Lucene search

[email protected]NVD:CVE-2014-3573

HistoryOct 18, 2014 - 12:55 a.m.

CVE-2014-3573

2014-10-1800:55:04

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.1

Confidence

High

EPSS

0.002

Percentile

61.1%

JSON

The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an “insecure DocumentBuilderFactory,” which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related to an XML External Entity (XXE) issue.

Affected configurations

Nvd

Node

redhatenterprise_virtualization_managerRange≤3.4.1

VendorProductVersionCPE
redhatenterprise_virtualization_manager*cpe:2.3:a:redhat:enterprise_virtualization_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	enterprise_virtualization_manager	*	cpe:2.3:a:redhat:enterprise_virtualization_manager::::::::

References

rhn.redhat.com/errata/RHSA-2014-1161.html

www.securitytracker.com/id/1030807

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.1

Confidence

High

EPSS

0.002

Percentile

61.1%

JSON

Related for NVD:CVE-2014-3573

cve1 cvelist1 prion1 redhat1 nessus1