Vulnerabilities > Redhat > Ovirt Engine > 3.4.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-24 | CVE-2020-10775 | Open Redirect vulnerability in multiple products An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. | 5.3 |
2017-10-16 | CVE-2014-7851 | Permissions, Privileges, and Access Controls vulnerability in multiple products oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user. | 7.5 |