Red Hat oVirt Engine 3.3.4 Beta 1

CPE Details

Red Hat oVirt Engine 3.3.4 Beta 1
redhat
ovirt-engine
3.3.4
2019-11-06
19h34 +00:00
2019-11-06
19h34 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:redhat:ovirt-engine:3.3.4:beta1:*:*:*:*:*:*

Informations

Vendor

redhat

Product

ovirt-engine

Version

3.3.4

Update

beta1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-10775 2020-08-24 14h13 +00:00 An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality.
5.3
Medium
CVE-2014-7851 2017-10-16 13h00 +00:00 oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.
7.5
High
CVE-2014-0151 2015-02-13 14h00 +00:00 Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API request.
6.8
CVE-2014-0152 2014-09-08 12h00 +00:00 Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
6.8