exploitDog

CVE-2014-3573

Опубликовано: 18 окт. 2014

Источник: nvd

CVSS2: 6.5

EPSS Низкий

Описание

The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related to an XML External Entity (XXE) issue.

Ссылки

http://rhn.redhat.com/errata/RHSA-2014-1161.html
Vendor Advisory
http://www.securitytracker.com/id/1030807
http://rhn.redhat.com/errata/RHSA-2014-1161.html
Vendor Advisory
http://www.securitytracker.com/id/1030807

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redhat:enterprise_virtualization_manager:*:*:*:*:*:*:*:*

Версия до 3.4.1 (включая)

EPSS

Процентиль: 63%

0.00457

Низкий

6.5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2014-3573

redhat

больше 11 лет назад

The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related to an XML External Entity (XXE) issue.

GHSA-6whg-r3w4-fhjh

github

больше 3 лет назад

The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related to an XML External Entity (XXE) issue.

EPSS

Процентиль: 63%

0.00457

Низкий

6.5 Medium

CVSS2

Дефекты

CWE-20