What is the severity of CVE-2014-3559?

CVE-2014-3559 is considered a moderate security vulnerability due to the potential exposure of sensitive data from memory snapshots.

How do I fix CVE-2014-3559?

To mitigate CVE-2014-3559, ensure that you are running a patched version of Red Hat Enterprise Virtualization 3.4 that addresses this vulnerability.

Who is affected by CVE-2014-3559?

CVE-2014-3559 affects users of Red Hat Enterprise Virtualization 3.4 where memory snapshots are not properly wiped upon VM deletion.

What kind of attack can be performed with CVE-2014-3559?

A remote attacker with the ability to create a new VM could potentially access sensitive information from memory snapshots left behind by deleted VMs.

Is CVE-2014-3559 a client-side or server-side vulnerability?

CVE-2014-3559 is a server-side vulnerability affecting the oVirt storage back end of Red Hat Enterprise Virtualization.

Vulnerability/
CVE-2014-3559

low

3.5

CWE

264

22/7/2014

6/8/2014

6/8/2024

CVE-2014-3559

First published: Tue Jul 22 2014(Updated: )

IssueDescription: It was found that the oVirt storage back end did not wipe memory snapshots when VMs were deleted, even if wipe-after-delete (WAD) was enabled for the VM's disks. A remote attacker with credentials to create a new VM could use this flaw to potentially access the contents of memory snapshots in an uninitialized storage volume, possibly leading to the disclosure of sensitive information.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Red Hat Enterprise Virtualization	=3.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-3559?
CVE-2014-3559 is considered a moderate security vulnerability due to the potential exposure of sensitive data from memory snapshots.
How do I fix CVE-2014-3559?
To mitigate CVE-2014-3559, ensure that you are running a patched version of Red Hat Enterprise Virtualization 3.4 that addresses this vulnerability.
Who is affected by CVE-2014-3559?
CVE-2014-3559 affects users of Red Hat Enterprise Virtualization 3.4 where memory snapshots are not properly wiped upon VM deletion.
What kind of attack can be performed with CVE-2014-3559?
A remote attacker with the ability to create a new VM could potentially access sensitive information from memory snapshots left behind by deleted VMs.
Is CVE-2014-3559 a client-side or server-side vulnerability?
CVE-2014-3559 is a server-side vulnerability affecting the oVirt storage back end of Red Hat Enterprise Virtualization.

agent/type
agent/first-publish-date
agent/softwarecombine
collector/mitre-cve
source/MITRE
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2014-3559
agent/weakness
agent/last-modified-date
agent/severity
agent/references
agent/author
agent/description
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/redhat
canonical/red hat enterprise virtualization
version/red hat enterprise virtualization/3.4

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.