CVE-2014-3573
Red Hat Enterprise Virtualization Manager < 3.4.1 - XML External Entity Injection via Insecure DocumentBuilderFactory
Title source: llmDescription
The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related to an XML External Entity (XXE) issue.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1030807
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1161.html
Scores
EPSS
0.0176
EPSS Percentile
75.4%
Details
CWE
CWE-20
Status
published
Products (1)
redhat/enterprise_virtualization_manager
< 3.4.1
Published
Oct 18, 2014
Tracked Since
Feb 18, 2026