Information disclosure in Redhat Enterprise_virtualization

CVE-2014-3485

The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML Externa…

Vulnerability class: Information Disclosure

EPSS: 0.003 (50.4th percentile) — read the EPSS interpretation.

Affected products

Redhat Enterprise_virtualization — versions 3.4
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

1030501 (vdb-entry, x_refsource_SECTRACK)
RHSA-2014:0814 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)