CVE-2014-3573

Published: Oct 18, 2014Modified: May 6, 2026

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability: 8.0 / Impact: 6.4

Source: NVD

Description

The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related to an XML External Entity (XXE) issue.

Affected (1)

Products: Redhat: Enterprise Virtualization Manager

1 product

Enterprise Virtualization Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Virtualization Manager	Up to 3.4.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://rhn.redhat.com/errata/RHSA-2014-1161.html

Source: secalert@redhat.com

Vendor Advisory

http://www.securitytracker.com/id/1030807

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2014-1161.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1030807

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.