fkie_nvd - fkie_cve-2014-3485

fkie_cve-2014-3485

Vulnerability from fkie_nvd

Published

2014-07-11 14:55

Modified

2024-11-21 02:08

Severity ?

Summary

The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

References

URL	Tags
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2014-0814.html	Vendor Advisory
secalert@redhat.com	http://www.securitytracker.com/id/1030501
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-0814.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030501

Impacted products

	Vendor	Product	Version
	redhat	enterprise_virtualization	3.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:enterprise_virtualization:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDA49BAA-D188-4F05-9AE8-E5A736EE1267",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue."
    },
    {
      "lang": "es",
      "value": "REST API en ovirt-engine en oVirt, utilizado en Red Hat Enterprise Virtualization (rhevm) 3.4, permite a usuarios remotos autenticados leer ficheros arbitrarios y tener otro impacto no especificado a trav\u00e9s de vectores desconocidos, relacionado con un problema de entidad externa XML External Entity (XXE)."
    }
  ],
  "id": "CVE-2014-3485",
  "lastModified": "2024-11-21T02:08:12.623",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-07-11T14:55:03.680",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0814.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1030501"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0814.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030501"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2014-3485

Vulnerability from cvelistv5

Published

2014-07-11 14:00

Modified

2024-08-06 10:43