CVE-2014-3485: Infoleak
First published: Fri Jul 11 2014(Updated: )
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Enterprise Virtualization | =3.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-3485?
CVE-2014-3485 is considered to have medium severity due to its potential to allow unauthorized file read access.
How do I fix CVE-2014-3485?
To fix CVE-2014-3485, upgrade to the latest version of oVirt or apply the specific patches provided by Red Hat.
Who is affected by CVE-2014-3485?
CVE-2014-3485 affects users of Red Hat Enterprise Virtualization 3.4 who utilize the ovirt-engine's REST API.
What type of vulnerability is CVE-2014-3485?
CVE-2014-3485 is an XML External Entity (XXE) vulnerability that can lead to unauthorized file access.
Can CVE-2014-3485 be exploited remotely?
Yes, CVE-2014-3485 can be exploited remotely by authenticated users to read arbitrary files.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat enterprise virtualization
- version/red hat enterprise virtualization/3.4