CVE-2014-3573: Input Validation
First published: Sat Oct 18 2014(Updated: )
The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related to an XML External Entity (XXE) issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Enterprise Virtualization Manager | <=3.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-3573?
CVE-2014-3573 is classified as a medium severity vulnerability due to its potential to allow remote file access.
How do I fix CVE-2014-3573?
To fix CVE-2014-3573, upgrade to Red Hat Enterprise Virtualization Manager version 3.4.2 or later.
What systems are affected by CVE-2014-3573?
CVE-2014-3573 affects Red Hat Enterprise Virtualization Manager versions prior to 3.4.2.
What type of attacks can exploit CVE-2014-3573?
CVE-2014-3573 can be exploited via crafted XML/RSDL documents, allowing attackers to read arbitrary files.
What is the primary risk associated with CVE-2014-3573?
The primary risk of CVE-2014-3573 includes unauthorized access to sensitive files due to insecure XML processing.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- agent/source
- vendor/redhat
- canonical/red hat enterprise virtualization manager
- version/red hat enterprise virtualization manager/3.4.1