CVE-2014-3485

Name of the Vulnerable Software and Affected Versions oVirt versions 3.4

Description The issue is related to an XML External Entity (XXE) problem in the REST API of the ovirt-engine in oVirt. This allows remote authenticated users to read arbitrary files and potentially have other impacts via unknown vectors.

Recommendations For version 3.4, consider restricting access to the REST API until a fix is available. As a temporary workaround, avoid using the API for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.