CVE-2014-7851

{"id": "CVE-2014-7851", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2017-10-16T15:29:00.230", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161730", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165311", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user."}, {"lang": "es", "value": "oVirt 3.2.2 hasta la versi\u00f3n 3.5.0 no invalida la sesi\u00f3n restapi tras cerrar sesi\u00f3n desde el webadmin, lo que permite que usuarios remotos autenticados con conocimientos sobre los datos de sesi\u00f3n de otro usuario obtengan los privilegios de ese usuario reemplazando su token de sesi\u00f3n por el de otro usuario."}], "lastModified": "2023-02-13T00:42:36.810", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ovirt:ovirt:3.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C6E6948-A799-401D-BBF9-34E088601A7F"}, {"criteria": "cpe:2.3:a:ovirt:ovirt:3.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4941C28-47C1-41FC-A813-B114EA391C28"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "099D0B9C-942E-4CDA-955F-AC22F82DA07F"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A10B6656-8B72-4B96-B872-1ACEFEBD9038"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23937BD7-A6BC-4DF3-B58B-1FFA8A3D0A87"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4E54C1E-DF2B-4C40-9A3F-06FCA970DFEE"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "777DD954-802B-47A2-8927-CA72E73A1BC9"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C832435-B6C7-44A6-B5E2-C4E67E7A50FC"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.1:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F13D468A-28B9-457D-BF86-0E0E292DF383"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.1:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADDA48F9-9E9D-4E11-B287-07356BE66033"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.2:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A172A8C3-8460-4BE8-AE5D-2495BADBF5E3"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.3:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3404EB7C-38EE-4299-A530-D136D45ADC3B"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.3:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B50C157-7578-46B8-910C-D86DB73EE0CE"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.4:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8654BEC8-43E4-4130-B24B-4B185BC1B3FA"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.4:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBF59F3F-FD8E-42A4-8DEE-1377FDEB85C0"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.5:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCC874AA-957B-4B22-85B5-EE2B5B3C5CCF"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B0FDC22-0F94-41E3-97AD-6C578B40A545"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "206E5218-5685-4452-9D90-82CD6144DE0B"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "078242F6-C141-488B-9841-6D7B02033B00"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0276178-19C2-4329-A684-C0D8610CD1BD"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC68E2AE-7972-4905-A5E3-CDD5E0A72BE7"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7155754D-0418-4B1D-9875-5021E8D15A7F"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.1:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CABBE4F-05AE-4395-AB89-DD6C21AD4BBE"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3E6F30C-0FAA-403A-B33F-FDE061C6480E"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.2:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D907E37C-3055-445A-B5EE-CDE5C20AAECE"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "684B8987-D27A-40D4-88E4-60197DDB660E"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.3:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C416413-06B4-4A2B-8009-FD15E56D2FE8"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B120777-E50B-494E-9AA3-F87B7F5ECEC8"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.4:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "807C03B7-E154-4F71-84AC-83C31E0C6847"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B949B545-2C41-401B-8753-7E442B02AEEA"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}