CVE-2014-7851 Vulnerability Details

  /     /     /  

CVE-2014-7851 Metadata Quick Info

CVE Published: 16/10/2017 | CVE Updated: 06/08/2024 | CVE Year: 2014
Source: redhat | Vendor: n/a | Product: n/a
Status : PUBLISHED

---

CVE-2014-7851 Description

oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user\'s session data to gain that user\'s privileges by replacing their session token with that of another user.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: n/a
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).