CVE-2014-3559 in Enterprise Virtualizationinfo

Summary

The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM s disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM s memory and obtain sensitive information via an uninitialized storage volume.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

05/14/2014

Disclosure

08/06/2014

Moderation

VulDB entry created

Entries

1: VDB-70546

CPE

ready

CWE

CWE-264 (Confirmed)

CVSS

4.3

EPSS

0.00273

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-3559
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-3559
CVE Details	https://www.cvedetails.com/cve/CVE-2014-3559/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!