VYPR
Unrated severityNVD Advisory· Published Sep 8, 2014· Updated Jun 17, 2026

CVE-2014-0152

CVE-2014-0152

Description

Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.

Affected products

11
  • Ovirt/Ovirt2 versions
    cpe:2.3:a:ovirt:ovirt:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:ovirt:ovirt:*:*:*:*:*:*:*:*range: <=3.4.0
    • (no CPE)range: <=3.4.0
  • cpe:2.3:a:redhat:ovirt-engine:3.0.0:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:redhat:ovirt-engine:3.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.3.2:rc1:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.4.0:rc1:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.