Vulnerabilities > Ovirt > Ovirt Engine > 4.3.5

DATE CVE VULNERABILITY TITLE RISK
2020-12-21 CVE-2020-35497 Improper Access Control vulnerability in multiple products
A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.
network
low complexity
ovirt redhat CWE-284
6.5
6.5
2020-08-18 CVE-2020-14333 Cross-site Scripting vulnerability in Ovirt Ovirt-Engine
A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack.
network
low complexity
ovirt CWE-79
6.1
6.1
2020-03-19 CVE-2019-19336 Cross-site Scripting vulnerability in multiple products
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8.
network
ovirt redhat CWE-79
4.3
4.3