{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-11-07T00:00:00", "descriptions": [{"lang": "en", "value": "oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161730"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165311"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-7851", "datePublished": "2017-10-16T15:00:00", "dateReserved": "2014-10-03T00:00:00", "dateUpdated": "2017-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ovirt:ovirt:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8C6E6948-A799-401D-BBF9-34E088601A7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ovirt:ovirt:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4941C28-47C1-41FC-A813-B114EA391C28", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "099D0B9C-942E-4CDA-955F-AC22F82DA07F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3:beta1:*:*:*:*:*:*", "matchCriteriaId": "A10B6656-8B72-4B96-B872-1ACEFEBD9038", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "23937BD7-A6BC-4DF3-B58B-1FFA8A3D0A87", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "E4E54C1E-DF2B-4C40-9A3F-06FCA970DFEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "777DD954-802B-47A2-8927-CA72E73A1BC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C832435-B6C7-44A6-B5E2-C4E67E7A50FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.1:beta1:*:*:*:*:*:*", "matchCriteriaId": "F13D468A-28B9-457D-BF86-0E0E292DF383", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "ADDA48F9-9E9D-4E11-B287-07356BE66033", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.2:beta1:*:*:*:*:*:*", "matchCriteriaId": "A172A8C3-8460-4BE8-AE5D-2495BADBF5E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.3:beta1:*:*:*:*:*:*", "matchCriteriaId": "3404EB7C-38EE-4299-A530-D136D45ADC3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "2B50C157-7578-46B8-910C-D86DB73EE0CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.4:beta1:*:*:*:*:*:*", "matchCriteriaId": "8654BEC8-43E4-4130-B24B-4B185BC1B3FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "CBF59F3F-FD8E-42A4-8DEE-1377FDEB85C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.3.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "BCC874AA-957B-4B22-85B5-EE2B5B3C5CCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "2B0FDC22-0F94-41E3-97AD-6C578B40A545", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "206E5218-5685-4452-9D90-82CD6144DE0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "078242F6-C141-488B-9841-6D7B02033B00", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E0276178-19C2-4329-A684-C0D8610CD1BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "AC68E2AE-7972-4905-A5E3-CDD5E0A72BE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7155754D-0418-4B1D-9875-5021E8D15A7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "8CABBE4F-05AE-4395-AB89-DD6C21AD4BBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3E6F30C-0FAA-403A-B33F-FDE061C6480E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "D907E37C-3055-445A-B5EE-CDE5C20AAECE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "684B8987-D27A-40D4-88E4-60197DDB660E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0C416413-06B4-4A2B-8009-FD15E56D2FE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "0B120777-E50B-494E-9AA3-F87B7F5ECEC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.4.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "807C03B7-E154-4F71-84AC-83C31E0C6847", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B949B545-2C41-401B-8753-7E442B02AEEA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user."}, {"lang": "es", "value": "oVirt 3.2.2 hasta la versi\u00f3n 3.5.0 no invalida la sesi\u00f3n restapi tras cerrar sesi\u00f3n desde el webadmin, lo que permite que usuarios remotos autenticados con conocimientos sobre los datos de sesi\u00f3n de otro usuario obtengan los privilegios de ese usuario reemplazando su token de sesi\u00f3n por el de otro usuario."}], "id": "CVE-2014-7851", "lastModified": "2023-02-13T00:42:36.810", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-16T15:29:00.230", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161730"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165311"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}