PT-2014-5400 · Red Hat · Red Hat Enterprise Virtualization Manager

Published 2014-10-18 · Updated 2023-02-13 · CVE-2014-3573

CVSS v2.0: 6.5 (Medium), Vector AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization Manager versions prior to 3.4.2

Description: This is an XML External Entity (XXE) vulnerability. The oVirt Engine backend module parses XML with an insecurely configured DocumentBuilderFactory, so external entities in untrusted input are resolved. A remote attacker can use a crafted XML/RSDL document to read arbitrary files from the server or possibly cause other unspecified impact.

Recommendations: For versions prior to 3.4.2, update to version 3.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the oVirt Engine backend module to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2014-3573
RHSA-2014:1161

Affected Products

Red Hat Enterprise Virtualization Manager