Vulnerability Database

313,664

Total vulnerabilities in the database

CVE-2014-7851

oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.

  • Published: Oct 16, 2017
  • Updated: Nov 9, 2025
  • CVE: CVE-2014-7851
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6
  • AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

Software From Fixed in
ovirt / ovirt 3.3.2 3.3.2.x
ovirt / ovirt 3.4.0 3.4.0.x
redhat / ovirt-engine 3.2.2 3.2.2.x
redhat / ovirt-engine 3.3-beta1 3.3-beta1.x
redhat / ovirt-engine 3.3-rc1 3.3-rc1.x
redhat / ovirt-engine 3.3-rc2 3.3-rc2.x
redhat / ovirt-engine 3.3.0.1 3.3.0.1.x
redhat / ovirt-engine 3.3.1-beta1 3.3.1-beta1.x
redhat / ovirt-engine 3.3.1 3.3.1.x
redhat / ovirt-engine 3.3.1-rc1 3.3.1-rc1.x
redhat / ovirt-engine 3.3.2-beta1 3.3.2-beta1.x
redhat / ovirt-engine 3.3.3-beta1 3.3.3-beta1.x
redhat / ovirt-engine 3.3.3-rc1 3.3.3-rc1.x
redhat / ovirt-engine 3.3.4-beta1 3.3.4-beta1.x
redhat / ovirt-engine 3.3.4-rc1 3.3.4-rc1.x
redhat / ovirt-engine 3.3.5-rc1 3.3.5-rc1.x
redhat / ovirt-engine 3.4.0-beta1 3.4.0-beta1.x
redhat / ovirt-engine 3.4.0-beta2 3.4.0-beta2.x
redhat / ovirt-engine 3.4.0-beta3 3.4.0-beta3.x
redhat / ovirt-engine 3.4.0-rc2 3.4.0-rc2.x
redhat / ovirt-engine 3.4.0-rc3 3.4.0-rc3.x
redhat / ovirt-engine 3.4.1 3.4.1.x
redhat / ovirt-engine 3.4.1-rc1 3.4.1-rc1.x
redhat / ovirt-engine 3.4.2 3.4.2.x
redhat / ovirt-engine 3.4.2-rc1 3.4.2-rc1.x
redhat / ovirt-engine 3.4.3 3.4.3.x
redhat / ovirt-engine 3.4.3-rc1 3.4.3-rc1.x
redhat / ovirt-engine 3.4.4 3.4.4.x
redhat / ovirt-engine 3.4.4-rc1 3.4.4-rc1.x
redhat / ovirt-engine 3.5.0 3.5.0.x