High severity7.5NVD Advisory· Published Oct 16, 2017· Updated Jun 17, 2026
CVE-2014-7851
CVE-2014-7851
Description
oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
31cpe:2.3:a:redhat:ovirt-engine:3.2.2:*:*:*:*:*:*:*+ 27 more
- cpe:2.3:a:redhat:ovirt-engine:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.3.1:beta1:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.3.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.3.2:beta1:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.3.3:beta1:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.3.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.3.4:beta1:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.3.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.3.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.3:beta1:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.3:rc2:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.4.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.4.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.4.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.4.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.4.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.4.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.4.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:redhat:ovirt-engine:3.5.0:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
2- bugzilla.redhat.com/show_bug.cginvdIssue Tracking
- bugzilla.redhat.com/show_bug.cginvdIssue Tracking
News mentions
0No linked articles in our index yet.