Vulnerability Details CVE-2014-3573
The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related to an XML External Entity (XXE) issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 62.7%
CVSS Severity
CVSS v2 Score 6.5
References
Products affected by CVE-2014-3573
-
cpe:2.3:a:redhat:enterprise_virtualization_manager:2.1
-
cpe:2.3:a:redhat:enterprise_virtualization_manager:2.2
-
cpe:2.3:a:redhat:enterprise_virtualization_manager:2.2.3
-
cpe:2.3:a:redhat:enterprise_virtualization_manager:3.0
-
cpe:2.3:a:redhat:enterprise_virtualization_manager:3.1
-
cpe:2.3:a:redhat:enterprise_virtualization_manager:3.2
-
cpe:2.3:a:redhat:enterprise_virtualization_manager:3.4
-
cpe:2.3:a:redhat:enterprise_virtualization_manager:3.4.1