Ovirt Engine
by Red Hat
CVEs (3)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-7851 | Hig | 0.49 | 7.5 | 0.00 | Oct 16, 2017 | oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user. | |
| CVE-2014-0151 | 0.00 | — | 0.00 | Feb 13, 2015 | Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API request. | ||
| CVE-2014-0152 | 0.00 | — | 0.00 | Sep 8, 2014 | Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors. |
- risk 0.49cvss 7.5epss 0.00
oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.
- CVE-2014-0151Feb 13, 2015risk 0.00cvss —epss 0.00
Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API request.
- CVE-2014-0152Sep 8, 2014risk 0.00cvss —epss 0.00
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.