Vulnerabilities > Redhat > Ovirt Engine > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-25 | CVE-2017-7510 | Information Exposure vulnerability in Redhat Ovirt-Engine 4.1.0 In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface. | 8.8 |
| 2017-10-16 | CVE-2014-7851 | Permissions, Privileges, and Access Controls vulnerability in multiple products oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user. | 7.5 |