Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2014-3573 | First vendor Publication | 2014-10-17 |
Vendor | Cve | Last vendor Modification | 2023-02-13 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related to an XML External Entity (XXE) issue. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3573 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1161.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Source | Url |
---|---|
REDHAT | http://rhn.redhat.com/errata/RHSA-2014-1161.html |
SECTRACK | http://www.securitytracker.com/id/1030807 |
Alert History
Date | Informations |
---|---|
2023-02-13 05:28:16 |
|
2023-02-03 00:28:31 |
|
2021-05-05 01:15:19 |
|
2021-05-04 12:32:21 |
|
2021-04-22 01:39:27 |
|
2020-05-23 01:52:11 |
|
2020-05-23 00:41:06 |
|
2017-10-13 01:06:18 |
|
2016-06-29 00:35:30 |
|
2016-04-27 00:52:24 |
|
2014-11-08 13:31:49 |
|
2014-10-23 21:23:09 |
|
2014-10-22 17:22:24 |
|
2014-10-18 09:22:32 |
|