CVE-2014-3573
Summary
| CVE | CVE-2014-3573 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-10-18 00:55:00 UTC |
| Updated | 2023-02-13 00:40:00 UTC |
| Description | The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related to an XML External Entity (XXE) issue. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Enterprise Virtualization Manager | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | MISC | access.redhat.com | |
| 1125795 – (CVE-2014-3573) CVE-2014-3573 oVirt Engine: XML eXternal Entity (XXE) flaw in backend module | MISC | bugzilla.redhat.com | |
| Red Hat Enterprise Virtualization Manager XXE Bug Lets Remote Authenticated Users Obtain Files on the Target System - SecurityTracker | SECTRACK | www.securitytracker.com | |
| CVE-2014-3573 - Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |