The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2014-0814.html | Vendor Advisory |
http://www.securitytracker.com/id/1030501 |
Configurations
History
13 Feb 2023, 00:39
Type | Values Removed | Values Added |
---|---|---|
Summary | The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue. | |
References |
|
02 Feb 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | CVE-2014-3485 ovirt-engine-api: XML eXternal Entity (XXE) flaw | |
References |
|
Information
Published : 2014-07-11 14:55
Updated : 2023-12-10 11:31
NVD link : CVE-2014-3485
Mitre link : CVE-2014-3485
CVE.ORG link : CVE-2014-3485
JSON object : View
Products Affected
redhat
- enterprise_virtualization
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor