XML External Entity (XXE) vulnerability in oVirt Engine backend module

XML External Entity (XXE) vulnerability in oVirt Engine backend module

CVE-2014-3573 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related to an XML External Entity (XXE) issue.

Learn more about our External Network Penetration Testing.