Redhat - Ovirt-engine CVE

Filtered by vendor Redhat Subscribe

Filtered by product Ovirt-engine

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2017-7510	1 Redhat	1 Ovirt-engine	2020-02-18	4.0 MEDIUM	8.8 HIGH
In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface.
CVE-2014-7851	2 Ovirt, Redhat	2 Ovirt, Ovirt-engine	2019-11-06	6.0 MEDIUM	7.5 HIGH
oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.

Vulnerabilities (CVE)