CVE-2014-0152

CWE-3846 documents5 sources

Severity

6.8MEDIUM

EPSS

0.4%

top 39.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ovirt Ovirt Redhat Ovirt-engine

Timeline

PublishedSep 8

Latest updateMay 13

Description

Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDovirt/ovirt3.4.0

▶NVDredhat/ovirt-engine9 versions+8

Patches

Patch: gerrit.ovirt.org ↗Patch: www.ovirt.org ↗Patch: gerrit.ovirt.org ↗

🔴Vulnerability Details

GHSA

GHSA-73j8-g9r9-3463: Session fixation vulnerability in the web admin interface in oVirt 3↗2022-05-13

▶

CVEList

CVE-2014-0152: Session fixation vulnerability in the web admin interface in oVirt 3↗2014-09-08

▶

📋Vendor Advisories

Red Hat

ovirt-engine-webadmin: session fixation↗2014-03-17

▶

💬Community

Bugzilla

CVE-2014-0152 ovirt-engine: ovirt-engine-webadmin: session fixation [fedora-all]↗2014-03-28

▶

Bugzilla

CVE-2014-0152 ovirt-engine-webadmin: session fixation↗2014-03-28

▶