4.3.3.7

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-21	CVE-2020-35497	A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key. network low complexity ovirt redhat	6.5
2020-08-18	CVE-2020-14333	Unspecified vulnerability in Ovirt Ovirt-Engine A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. network low complexity ovirt	6.1
2020-03-19	CVE-2019-19336	Cross-site Scripting vulnerability in multiple products A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. network low complexity ovirt redhat CWE-79	6.1