oVirt Engine 4.3.11

CPE Details

oVirt Engine 4.3.11
ovirt
ovirt-engine
4.3.11
2020-12-03
18h42 +00:00
2020-12-03
18h42 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ovirt:ovirt-engine:4.3.11:*:*:*:*:*:*:*

Informations

Vendor

ovirt

Product

ovirt-engine

Version

4.3.11

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-35497 2020-12-21 15h22 +00:00 A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.
6.5
Medium
CVE-2020-14333 2020-08-18 11h13 +00:00 A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. This flaw allows an attacker to leverage a phishing attack, steal an unsuspecting user's cookies or other confidential information, or impersonate them within the application's context.
6.3
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.