The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page.
CVSS Score
4.3
EPSS Score
0.002
Published
2014-09-08
The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack.
CVSS Score
5.0
EPSS Score
0.003
Published
2012-08-31
Page 2