CVE-2014-3573

{"id": "CVE-2014-3573", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-10-18T00:55:04.690", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2014-1161.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id/1030807", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an \"insecure DocumentBuilderFactory,\" which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related to an XML External Entity (XXE) issue."}, {"lang": "es", "value": "El m\u00f3dulo de backend oVirt Engine, como el utilizado en Red Hat Enterprise Virtualization Manager anterior a 3.4.2, utiliza una 'DocumentBuilderFactory insegura', lo que permite a atacantes remotos leer archivos arbitrarios o, posiblemente, tener otro impacto sin especificar a trav\u00e9s de un documento XML/RSDL manipulado, relacionado con un problema de tipo XML External Entity (XXE)."}], "lastModified": "2023-02-13T00:40:47.610", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:enterprise_virtualization_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "976591DF-88A4-42DA-BAB0-F8A4E654D3CB", "versionEndIncluding": "3.4.1"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}