CVE-2014-3573

Red Hat Enterprise Virtualization Manager < 3.4.1 - XML External Entity Injection via Insecure DocumentBuilderFactory

Title source: llm
STIX 2.1

Description

The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related to an XML External Entity (XXE) issue.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030807
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1161.html

Scores

EPSS 0.0176
EPSS Percentile 75.4%

Details

CWE
CWE-20
Status published
Products (1)
redhat/enterprise_virtualization_manager < 3.4.1
Published Oct 18, 2014
Tracked Since Feb 18, 2026