Severity: 4.0 MEDIUM
EPSS: 0.3% (top 49.85%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 11; latest update May 17

Description

The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 8.0 | Impact: 2.9

Affected Packages (1 package)

🔴 Vulnerability Details (2)

GHSA, 2022-05-17: GHSA-6g69-jrpm-4wp2: The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3
CVEList, 2014-07-11: CVE-2014-3485: The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3

📋 Vendor Advisories (1)

Red Hat, 2014-06-30: ovirt-engine-api: XML eXternal Entity (XXE) flaw

💬 Community (1)

Bugzilla, 2014-06-10: CVE-2014-3485 ovirt-engine-api: XML eXternal Entity (XXE) flaw