// For flags

CVE-2013-4236

vdsm: incomplete fix for CVE-2013-0167 issue

Severity Score

2.7
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent response. NOTE: this issue is due to an incomplete fix for CVE-2013-0167.

VDSM en Red Hat Enterprise Virtualization 3 y 3.2, permite a a usuarios con provilegios en la máquina "invitada" provocar que el host no "esté disponible para el servidor de gestión" a través de carácteres XML no válidos en una respuesta. NOTA: esta cuestión es debido a una solución incompleta del CVE-2013-0167.

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-06-12 CVE Reserved
  • 2013-08-13 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Redhat
Search vendor "Redhat"
 Enterprise Virtualization
Search vendor "Redhat" for product "Enterprise Virtualization"
 3.0
Search vendor "Redhat" for product "Enterprise Virtualization" and version "3.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Virtualization
Search vendor "Redhat" for product "Enterprise Virtualization"
 3.2
Search vendor "Redhat" for product "Enterprise Virtualization" and version "3.2"
-
Affected