What is CVE-2014-7851?

CVE-2014-7851 is a high-severity vulnerability in Ovirt, classified under CWE-264. CVSS score: 7.5/10. Published 2017-10-16.

How severe is CVE-2014-7851?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Ovirt

CVE-2014-7851

oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their sessi…

EPSS: 0.004 (60.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Ovirt — versions 3.3.2, 3.4.0
Redhat Ovirt-engine — versions 3.2.2, 3.3, 3.3.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

secalert@redhat.com (x_refsource_CONFIRM, Issue Tracking)
secalert@redhat.com (x_refsource_CONFIRM, Issue Tracking)

Frequently asked questions

What is CVE-2014-7851?: CVE-2014-7851 is a high-severity vulnerability in Ovirt, classified under CWE-264. CVSS score: 7.5/10. Published 2017-10-16.
How severe is CVE-2014-7851?: High severity. CVSS v3 base score is 7.5 out of 10.