CVE-2014-3573

Published Oct 18, 2014

Last updated 2 years ago

Overview

Description: The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related to an XML External Entity (XXE) issue.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:enterprise_virtualization_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "976591DF-88A4-42DA-BAB0-F8A4E654D3CB",
            "versionEndIncluding": "3.4.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References