VYPR
High severity7.5NVD Advisory· Published Oct 16, 2017· Updated Jun 17, 2026

CVE-2014-7851

CVE-2014-7851

Description

oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

31
  • Ovirt/Ovirt3 versions
    cpe:2.3:a:ovirt:ovirt:3.3.2:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:ovirt:ovirt:3.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ovirt:ovirt:3.4.0:*:*:*:*:*:*:*
    • (no CPE)range: 3.2.2 - 3.5.0
  • cpe:2.3:a:redhat:ovirt-engine:3.2.2:*:*:*:*:*:*:*+ 27 more
    • cpe:2.3:a:redhat:ovirt-engine:3.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.3.1:beta1:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.3.1:rc1:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.3.2:beta1:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.3.3:beta1:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.3.3:rc1:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.3.4:beta1:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.3.4:rc1:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.3.5:rc1:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.3:beta1:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.3:rc1:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.3:rc2:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.4.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.4.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.4.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.4.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.4.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.4.1:rc1:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.4.2:rc1:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.4.3:rc1:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.4.4:rc1:*:*:*:*:*:*
    • cpe:2.3:a:redhat:ovirt-engine:3.5.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.