{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright © Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat Enterprise Virtualization Manager 3.4 is now available.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Enterprise Virtualization Manager is a visual tool for centrally\nmanaging collections of virtual servers running Red Hat Enterprise Linux\nand Microsoft Windows. This package also includes the Red Hat Enterprise\nVirtualization Manager API, a set of scriptable commands that give\nadministrators the ability to perform queries and operations on Red Hat\nEnterprise Virtualization Manager.\n\nThe Manager is a JBoss Application Server application that provides several\ninterfaces through which the virtual environment can be accessed and\ninteracted with, including an Administration Portal, a User Portal, and a\nRepresentational State Transfer (REST) Application Programming Interface\n(API).\n\nIt was found that the oVirt web admin interface did not generate a new\nsession ID after authenticating a user. A remote attacker could use this\nflaw to perform session fixation attacks. (CVE-2014-0152)\n\nIt was found that the oVirt web admin interface stored session IDs in HTML5\nlocal storage. A remote attacker could provide a specially crafted web page\nthat, when visited by a user with a valid REST API session, would allow the\nattacker to read the session ID from local storage. This is possible\nbecause HTML5 local storage is not protected by the same-origin policy\n(SOP). (CVE-2014-0153)\n\nThese updated Red Hat Enterprise Virtualization Manager packages also\ninclude numerous bug fixes and various enhancements. Space precludes\ndocumenting all of these changes in this advisory. Users are directed to\nthe Red Hat Enterprise Virtualization 3.4 Technical Notes, linked to in the\nReferences, for information on the most significant of these changes.\n\nAll Red Hat Enterprise Virtualization Manager users are advised to upgrade\nto these updated packages, which resolve these issues and add these\nenhancements.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2014:0506",
        "url": "https://access.redhat.com/errata/RHSA-2014:0506"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.4/html-single/Technical_Notes/index.html",
        "url": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.4/html-single/Technical_Notes/index.html"
      },
      {
        "category": "external",
        "summary": "741111",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741111"
      },
      {
        "category": "external",
        "summary": "818051",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=818051"
      },
      {
        "category": "external",
        "summary": "828080",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=828080"
      },
      {
        "category": "external",
        "summary": "856272",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=856272"
      },
      {
        "category": "external",
        "summary": "858166",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=858166"
      },
      {
        "category": "external",
        "summary": "867794",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=867794"
      },
      {
        "category": "external",
        "summary": "877747",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877747"
      },
      {
        "category": "external",
        "summary": "948653",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=948653"
      },
      {
        "category": "external",
        "summary": "953492",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=953492"
      },
      {
        "category": "external",
        "summary": "955429",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=955429"
      },
      {
        "category": "external",
        "summary": "957939",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=957939"
      },
      {
        "category": "external",
        "summary": "962180",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=962180"
      },
      {
        "category": "external",
        "summary": "969641",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=969641"
      },
      {
        "category": "external",
        "summary": "970488",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=970488"
      },
      {
        "category": "external",
        "summary": "974076",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=974076"
      },
      {
        "category": "external",
        "summary": "977461",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=977461"
      },
      {
        "category": "external",
        "summary": "981420",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=981420"
      },
      {
        "category": "external",
        "summary": "983088",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=983088"
      },
      {
        "category": "external",
        "summary": "999713",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=999713"
      },
      {
        "category": "external",
        "summary": "1015185",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015185"
      },
      {
        "category": "external",
        "summary": "1016844",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1016844"
      },
      {
        "category": "external",
        "summary": "1018847",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018847"
      },
      {
        "category": "external",
        "summary": "1020408",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1020408"
      },
      {
        "category": "external",
        "summary": "1025295",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1025295"
      },
      {
        "category": "external",
        "summary": "1026389",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1026389"
      },
      {
        "category": "external",
        "summary": "1026842",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1026842"
      },
      {
        "category": "external",
        "summary": "1026857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1026857"
      },
      {
        "category": "external",
        "summary": "1026868",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1026868"
      },
      {
        "category": "external",
        "summary": "1026980",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1026980"
      },
      {
        "category": "external",
        "summary": "1027697",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027697"
      },
      {
        "category": "external",
        "summary": "1029441",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1029441"
      },
      {
        "category": "external",
        "summary": "1030122",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1030122"
      },
      {
        "category": "external",
        "summary": "1032679",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1032679"
      },
      {
        "category": "external",
        "summary": "1036885",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036885"
      },
      {
        "category": "external",
        "summary": "1038980",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1038980"
      },
      {
        "category": "external",
        "summary": "1044089",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1044089"
      },
      {
        "category": "external",
        "summary": "1044091",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1044091"
      },
      {
        "category": "external",
        "summary": "1045139",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045139"
      },
      {
        "category": "external",
        "summary": "1046625",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1046625"
      },
      {
        "category": "external",
        "summary": "1047629",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1047629"
      },
      {
        "category": "external",
        "summary": "1048356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048356"
      },
      {
        "category": "external",
        "summary": "1049080",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049080"
      },
      {
        "category": "external",
        "summary": "1049272",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049272"
      },
      {
        "category": "external",
        "summary": "1049627",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049627"
      },
      {
        "category": "external",
        "summary": "1051297",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051297"
      },
      {
        "category": "external",
        "summary": "1052024",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052024"
      },
      {
        "category": "external",
        "summary": "1052151",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052151"
      },
      {
        "category": "external",
        "summary": "1052231",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052231"
      },
      {
        "category": "external",
        "summary": "1052318",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052318"
      },
      {
        "category": "external",
        "summary": "1053890",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053890"
      },
      {
        "category": "external",
        "summary": "1054410",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1054410"
      },
      {
        "category": "external",
        "summary": "1055710",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1055710"
      },
      {
        "category": "external",
        "summary": "1056064",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1056064"
      },
      {
        "category": "external",
        "summary": "1056307",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1056307"
      },
      {
        "category": "external",
        "summary": "1056743",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1056743"
      },
      {
        "category": "external",
        "summary": "1056803",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1056803"
      },
      {
        "category": "external",
        "summary": "1057272",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1057272"
      },
      {
        "category": "external",
        "summary": "1057358",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1057358"
      },
      {
        "category": "external",
        "summary": "1057360",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1057360"
      },
      {
        "category": "external",
        "summary": "1057363",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1057363"
      },
      {
        "category": "external",
        "summary": "1057365",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1057365"
      },
      {
        "category": "external",
        "summary": "1057367",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1057367"
      },
      {
        "category": "external",
        "summary": "1057368",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1057368"
      },
      {
        "category": "external",
        "summary": "1057369",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1057369"
      },
      {
        "category": "external",
        "summary": "1057561",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1057561"
      },
      {
        "category": "external",
        "summary": "1057654",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1057654"
      },
      {
        "category": "external",
        "summary": "1057988",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1057988"
      },
      {
        "category": "external",
        "summary": "1057994",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1057994"
      },
      {
        "category": "external",
        "summary": "1057996",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1057996"
      },
      {
        "category": "external",
        "summary": "1057998",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1057998"
      },
      {
        "category": "external",
        "summary": "1059400",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059400"
      },
      {
        "category": "external",
        "summary": "1060575",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1060575"
      },
      {
        "category": "external",
        "summary": "1060636",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1060636"
      },
      {
        "category": "external",
        "summary": "1060705",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1060705"
      },
      {
        "category": "external",
        "summary": "1061634",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1061634"
      },
      {
        "category": "external",
        "summary": "1062438",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062438"
      },
      {
        "category": "external",
        "summary": "1063432",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063432"
      },
      {
        "category": "external",
        "summary": "1063782",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063782"
      },
      {
        "category": "external",
        "summary": "1064068",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064068"
      },
      {
        "category": "external",
        "summary": "1064312",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064312"
      },
      {
        "category": "external",
        "summary": "1064393",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064393"
      },
      {
        "category": "external",
        "summary": "1064428",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064428"
      },
      {
        "category": "external",
        "summary": "1064880",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064880"
      },
      {
        "category": "external",
        "summary": "1064907",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064907"
      },
      {
        "category": "external",
        "summary": "1066081",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066081"
      },
      {
        "category": "external",
        "summary": "1066103",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066103"
      },
      {
        "category": "external",
        "summary": "1066693",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066693"
      },
      {
        "category": "external",
        "summary": "1066884",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066884"
      },
      {
        "category": "external",
        "summary": "1067551",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067551"
      },
      {
        "category": "external",
        "summary": "1068717",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1068717"
      },
      {
        "category": "external",
        "summary": "1068763",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1068763"
      },
      {
        "category": "external",
        "summary": "1069096",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069096"
      },
      {
        "category": "external",
        "summary": "1070667",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1070667"
      },
      {
        "category": "external",
        "summary": "1070704",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1070704"
      },
      {
        "category": "external",
        "summary": "1070835",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1070835"
      },
      {
        "category": "external",
        "summary": "1072059",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072059"
      },
      {
        "category": "external",
        "summary": "1072282",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072282"
      },
      {
        "category": "external",
        "summary": "1073479",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073479"
      },
      {
        "category": "external",
        "summary": "1073669",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073669"
      },
      {
        "category": "external",
        "summary": "1075682",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1075682"
      },
      {
        "category": "external",
        "summary": "1076131",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1076131"
      },
      {
        "category": "external",
        "summary": "1076246",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1076246"
      },
      {
        "category": "external",
        "summary": "1077779",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077779"
      },
      {
        "category": "external",
        "summary": "1081860",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1081860"
      },
      {
        "category": "external",
        "summary": "1081875",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1081875"
      },
      {
        "category": "external",
        "summary": "1082800",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1082800"
      },
      {
        "category": "external",
        "summary": "1085529",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1085529"
      },
      {
        "category": "external",
        "summary": "1089777",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1089777"
      },
      {
        "category": "external",
        "summary": "1090660",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1090660"
      },
      {
        "category": "external",
        "summary": "1091391",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091391"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0506.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Enterprise Virtualization Manager 3.4.0 update",
    "tracking": {
      "current_release_date": "2026-06-28T12:23:15+00:00",
      "generator": {
        "date": "2026-06-28T12:23:15+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.2.6"
        }
      },
      "id": "RHSA-2014:0506",
      "initial_release_date": "2014-06-09T14:55:38+00:00",
      "revision_history": [
        {
          "date": "2014-06-09T14:55:38+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2014-06-09T14:55:38+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-28T12:23:15+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHEV-M 3.4",
                "product": {
                  "name": "RHEV-M 3.4",
                  "product_id": "6Server-RHEV-S-3.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhev_manager:3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhevm-websocket-proxy-0:3.4.0-0.21.el6ev.noarch",
                "product": {
                  "name": "rhevm-websocket-proxy-0:3.4.0-0.21.el6ev.noarch",
                  "product_id": "rhevm-websocket-proxy-0:3.4.0-0.21.el6ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhevm-websocket-proxy@3.4.0-0.21.el6ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhevm-setup-plugin-allinone-0:3.4.0-0.21.el6ev.noarch",
                "product": {
                  "name": "rhevm-setup-plugin-allinone-0:3.4.0-0.21.el6ev.noarch",
                  "product_id": "rhevm-setup-plugin-allinone-0:3.4.0-0.21.el6ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhevm-setup-plugin-allinone@3.4.0-0.21.el6ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhevm-setup-base-0:3.4.0-0.21.el6ev.noarch",
                "product": {
                  "name": "rhevm-setup-base-0:3.4.0-0.21.el6ev.noarch",
                  "product_id": "rhevm-setup-base-0:3.4.0-0.21.el6ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhevm-setup-base@3.4.0-0.21.el6ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhevm-lib-0:3.4.0-0.21.el6ev.noarch",
                "product": {
                  "name": "rhevm-lib-0:3.4.0-0.21.el6ev.noarch",
                  "product_id": "rhevm-lib-0:3.4.0-0.21.el6ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhevm-lib@3.4.0-0.21.el6ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhevm-dbscripts-0:3.4.0-0.21.el6ev.noarch",
                "product": {
                  "name": "rhevm-dbscripts-0:3.4.0-0.21.el6ev.noarch",
                  "product_id": "rhevm-dbscripts-0:3.4.0-0.21.el6ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhevm-dbscripts@3.4.0-0.21.el6ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhevm-tools-0:3.4.0-0.21.el6ev.noarch",
                "product": {
                  "name": "rhevm-tools-0:3.4.0-0.21.el6ev.noarch",
                  "product_id": "rhevm-tools-0:3.4.0-0.21.el6ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhevm-tools@3.4.0-0.21.el6ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhevm-setup-plugin-ovirt-engine-0:3.4.0-0.21.el6ev.noarch",
                "product": {
                  "name": "rhevm-setup-plugin-ovirt-engine-0:3.4.0-0.21.el6ev.noarch",
                  "product_id": "rhevm-setup-plugin-ovirt-engine-0:3.4.0-0.21.el6ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhevm-setup-plugin-ovirt-engine@3.4.0-0.21.el6ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhevm-restapi-0:3.4.0-0.21.el6ev.noarch",
                "product": {
                  "name": "rhevm-restapi-0:3.4.0-0.21.el6ev.noarch",
                  "product_id": "rhevm-restapi-0:3.4.0-0.21.el6ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhevm-restapi@3.4.0-0.21.el6ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhevm-userportal-0:3.4.0-0.21.el6ev.noarch",
                "product": {
                  "name": "rhevm-userportal-0:3.4.0-0.21.el6ev.noarch",
                  "product_id": "rhevm-userportal-0:3.4.0-0.21.el6ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhevm-userportal@3.4.0-0.21.el6ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhevm-setup-plugin-ovirt-engine-common-0:3.4.0-0.21.el6ev.noarch",
                "product": {
                  "name": "rhevm-setup-plugin-ovirt-engine-common-0:3.4.0-0.21.el6ev.noarch",
                  "product_id": "rhevm-setup-plugin-ovirt-engine-common-0:3.4.0-0.21.el6ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhevm-setup-plugin-ovirt-engine-common@3.4.0-0.21.el6ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhevm-setup-0:3.4.0-0.21.el6ev.noarch",
                "product": {
                  "name": "rhevm-setup-0:3.4.0-0.21.el6ev.noarch",
                  "product_id": "rhevm-setup-0:3.4.0-0.21.el6ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhevm-setup@3.4.0-0.21.el6ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhevm-backend-0:3.4.0-0.21.el6ev.noarch",
                "product": {
                  "name": "rhevm-backend-0:3.4.0-0.21.el6ev.noarch",
                  "product_id": "rhevm-backend-0:3.4.0-0.21.el6ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhevm-backend@3.4.0-0.21.el6ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhevm-setup-plugin-websocket-proxy-0:3.4.0-0.21.el6ev.noarch",
                "product": {
                  "name": "rhevm-setup-plugin-websocket-proxy-0:3.4.0-0.21.el6ev.noarch",
                  "product_id": "rhevm-setup-plugin-websocket-proxy-0:3.4.0-0.21.el6ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhevm-setup-plugin-websocket-proxy@3.4.0-0.21.el6ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhevm-0:3.4.0-0.21.el6ev.noarch",
                "product": {
                  "name": "rhevm-0:3.4.0-0.21.el6ev.noarch",
                  "product_id": "rhevm-0:3.4.0-0.21.el6ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhevm@3.4.0-0.21.el6ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhevm-webadmin-portal-0:3.4.0-0.21.el6ev.noarch",
                "product": {
                  "name": "rhevm-webadmin-portal-0:3.4.0-0.21.el6ev.noarch",
                  "product_id": "rhevm-webadmin-portal-0:3.4.0-0.21.el6ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhevm-webadmin-portal@3.4.0-0.21.el6ev?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhevm-0:3.4.0-0.21.el6ev.src",
                "product": {
                  "name": "rhevm-0:3.4.0-0.21.el6ev.src",
                  "product_id": "rhevm-0:3.4.0-0.21.el6ev.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhevm@3.4.0-0.21.el6ev?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhevm-0:3.4.0-0.21.el6ev.noarch as a component of RHEV-M 3.4",
          "product_id": "6Server-RHEV-S-3.4:rhevm-0:3.4.0-0.21.el6ev.noarch"
        },
        "product_reference": "rhevm-0:3.4.0-0.21.el6ev.noarch",
        "relates_to_product_reference": "6Server-RHEV-S-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhevm-0:3.4.0-0.21.el6ev.src as a component of RHEV-M 3.4",
          "product_id": "6Server-RHEV-S-3.4:rhevm-0:3.4.0-0.21.el6ev.src"
        },
        "product_reference": "rhevm-0:3.4.0-0.21.el6ev.src",
        "relates_to_product_reference": "6Server-RHEV-S-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhevm-backend-0:3.4.0-0.21.el6ev.noarch as a component of RHEV-M 3.4",
          "product_id": "6Server-RHEV-S-3.4:rhevm-backend-0:3.4.0-0.21.el6ev.noarch"
        },
        "product_reference": "rhevm-backend-0:3.4.0-0.21.el6ev.noarch",
        "relates_to_product_reference": "6Server-RHEV-S-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhevm-dbscripts-0:3.4.0-0.21.el6ev.noarch as a component of RHEV-M 3.4",
          "product_id": "6Server-RHEV-S-3.4:rhevm-dbscripts-0:3.4.0-0.21.el6ev.noarch"
        },
        "product_reference": "rhevm-dbscripts-0:3.4.0-0.21.el6ev.noarch",
        "relates_to_product_reference": "6Server-RHEV-S-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhevm-lib-0:3.4.0-0.21.el6ev.noarch as a component of RHEV-M 3.4",
          "product_id": "6Server-RHEV-S-3.4:rhevm-lib-0:3.4.0-0.21.el6ev.noarch"
        },
        "product_reference": "rhevm-lib-0:3.4.0-0.21.el6ev.noarch",
        "relates_to_product_reference": "6Server-RHEV-S-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhevm-restapi-0:3.4.0-0.21.el6ev.noarch as a component of RHEV-M 3.4",
          "product_id": "6Server-RHEV-S-3.4:rhevm-restapi-0:3.4.0-0.21.el6ev.noarch"
        },
        "product_reference": "rhevm-restapi-0:3.4.0-0.21.el6ev.noarch",
        "relates_to_product_reference": "6Server-RHEV-S-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhevm-setup-0:3.4.0-0.21.el6ev.noarch as a component of RHEV-M 3.4",
          "product_id": "6Server-RHEV-S-3.4:rhevm-setup-0:3.4.0-0.21.el6ev.noarch"
        },
        "product_reference": "rhevm-setup-0:3.4.0-0.21.el6ev.noarch",
        "relates_to_product_reference": "6Server-RHEV-S-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhevm-setup-base-0:3.4.0-0.21.el6ev.noarch as a component of RHEV-M 3.4",
          "product_id": "6Server-RHEV-S-3.4:rhevm-setup-base-0:3.4.0-0.21.el6ev.noarch"
        },
        "product_reference": "rhevm-setup-base-0:3.4.0-0.21.el6ev.noarch",
        "relates_to_product_reference": "6Server-RHEV-S-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhevm-setup-plugin-allinone-0:3.4.0-0.21.el6ev.noarch as a component of RHEV-M 3.4",
          "product_id": "6Server-RHEV-S-3.4:rhevm-setup-plugin-allinone-0:3.4.0-0.21.el6ev.noarch"
        },
        "product_reference": "rhevm-setup-plugin-allinone-0:3.4.0-0.21.el6ev.noarch",
        "relates_to_product_reference": "6Server-RHEV-S-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhevm-setup-plugin-ovirt-engine-0:3.4.0-0.21.el6ev.noarch as a component of RHEV-M 3.4",
          "product_id": "6Server-RHEV-S-3.4:rhevm-setup-plugin-ovirt-engine-0:3.4.0-0.21.el6ev.noarch"
        },
        "product_reference": "rhevm-setup-plugin-ovirt-engine-0:3.4.0-0.21.el6ev.noarch",
        "relates_to_product_reference": "6Server-RHEV-S-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhevm-setup-plugin-ovirt-engine-common-0:3.4.0-0.21.el6ev.noarch as a component of RHEV-M 3.4",
          "product_id": "6Server-RHEV-S-3.4:rhevm-setup-plugin-ovirt-engine-common-0:3.4.0-0.21.el6ev.noarch"
        },
        "product_reference": "rhevm-setup-plugin-ovirt-engine-common-0:3.4.0-0.21.el6ev.noarch",
        "relates_to_product_reference": "6Server-RHEV-S-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhevm-setup-plugin-websocket-proxy-0:3.4.0-0.21.el6ev.noarch as a component of RHEV-M 3.4",
          "product_id": "6Server-RHEV-S-3.4:rhevm-setup-plugin-websocket-proxy-0:3.4.0-0.21.el6ev.noarch"
        },
        "product_reference": "rhevm-setup-plugin-websocket-proxy-0:3.4.0-0.21.el6ev.noarch",
        "relates_to_product_reference": "6Server-RHEV-S-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhevm-tools-0:3.4.0-0.21.el6ev.noarch as a component of RHEV-M 3.4",
          "product_id": "6Server-RHEV-S-3.4:rhevm-tools-0:3.4.0-0.21.el6ev.noarch"
        },
        "product_reference": "rhevm-tools-0:3.4.0-0.21.el6ev.noarch",
        "relates_to_product_reference": "6Server-RHEV-S-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhevm-userportal-0:3.4.0-0.21.el6ev.noarch as a component of RHEV-M 3.4",
          "product_id": "6Server-RHEV-S-3.4:rhevm-userportal-0:3.4.0-0.21.el6ev.noarch"
        },
        "product_reference": "rhevm-userportal-0:3.4.0-0.21.el6ev.noarch",
        "relates_to_product_reference": "6Server-RHEV-S-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhevm-webadmin-portal-0:3.4.0-0.21.el6ev.noarch as a component of RHEV-M 3.4",
          "product_id": "6Server-RHEV-S-3.4:rhevm-webadmin-portal-0:3.4.0-0.21.el6ev.noarch"
        },
        "product_reference": "rhevm-webadmin-portal-0:3.4.0-0.21.el6ev.noarch",
        "relates_to_product_reference": "6Server-RHEV-S-3.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhevm-websocket-proxy-0:3.4.0-0.21.el6ev.noarch as a component of RHEV-M 3.4",
          "product_id": "6Server-RHEV-S-3.4:rhevm-websocket-proxy-0:3.4.0-0.21.el6ev.noarch"
        },
        "product_reference": "rhevm-websocket-proxy-0:3.4.0-0.21.el6ev.noarch",
        "relates_to_product_reference": "6Server-RHEV-S-3.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2014-0152",
      "cwe": {
        "id": "CWE-384",
        "name": "Session Fixation"
      },
      "discovery_date": "2014-03-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1081860"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ovirt-engine-webadmin: session fixation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHEV-S-3.4:rhevm-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-0:3.4.0-0.21.el6ev.src",
          "6Server-RHEV-S-3.4:rhevm-backend-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-dbscripts-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-lib-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-restapi-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-setup-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-setup-base-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-setup-plugin-allinone-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-setup-plugin-ovirt-engine-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-setup-plugin-ovirt-engine-common-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-setup-plugin-websocket-proxy-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-tools-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-userportal-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-webadmin-portal-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-websocket-proxy-0:3.4.0-0.21.el6ev.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0152"
        },
        {
          "category": "external",
          "summary": "RHBZ#1081860",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1081860"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0152",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0152"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0152",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0152"
        }
      ],
      "release_date": "2014-03-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-06-09T14:55:38+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-RHEV-S-3.4:rhevm-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-0:3.4.0-0.21.el6ev.src",
            "6Server-RHEV-S-3.4:rhevm-backend-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-dbscripts-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-lib-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-restapi-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-base-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-plugin-allinone-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-plugin-ovirt-engine-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-plugin-ovirt-engine-common-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-plugin-websocket-proxy-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-tools-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-userportal-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-webadmin-portal-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-websocket-proxy-0:3.4.0-0.21.el6ev.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0506"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-RHEV-S-3.4:rhevm-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-0:3.4.0-0.21.el6ev.src",
            "6Server-RHEV-S-3.4:rhevm-backend-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-dbscripts-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-lib-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-restapi-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-base-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-plugin-allinone-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-plugin-ovirt-engine-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-plugin-ovirt-engine-common-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-plugin-websocket-proxy-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-tools-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-userportal-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-webadmin-portal-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-websocket-proxy-0:3.4.0-0.21.el6ev.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "ovirt-engine-webadmin: session fixation"
    },
    {
      "cve": "CVE-2014-0153",
      "cwe": {
        "id": "CWE-522",
        "name": "Insufficiently Protected Credentials"
      },
      "discovery_date": "2014-03-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1081875"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ovirt-engine-api: session ID stored in HTML5 local storage",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHEV-S-3.4:rhevm-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-0:3.4.0-0.21.el6ev.src",
          "6Server-RHEV-S-3.4:rhevm-backend-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-dbscripts-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-lib-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-restapi-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-setup-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-setup-base-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-setup-plugin-allinone-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-setup-plugin-ovirt-engine-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-setup-plugin-ovirt-engine-common-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-setup-plugin-websocket-proxy-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-tools-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-userportal-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-webadmin-portal-0:3.4.0-0.21.el6ev.noarch",
          "6Server-RHEV-S-3.4:rhevm-websocket-proxy-0:3.4.0-0.21.el6ev.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0153"
        },
        {
          "category": "external",
          "summary": "RHBZ#1081875",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1081875"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0153",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0153"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0153",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0153"
        }
      ],
      "release_date": "2014-03-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-06-09T14:55:38+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-RHEV-S-3.4:rhevm-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-0:3.4.0-0.21.el6ev.src",
            "6Server-RHEV-S-3.4:rhevm-backend-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-dbscripts-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-lib-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-restapi-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-base-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-plugin-allinone-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-plugin-ovirt-engine-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-plugin-ovirt-engine-common-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-plugin-websocket-proxy-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-tools-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-userportal-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-webadmin-portal-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-websocket-proxy-0:3.4.0-0.21.el6ev.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0506"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-RHEV-S-3.4:rhevm-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-0:3.4.0-0.21.el6ev.src",
            "6Server-RHEV-S-3.4:rhevm-backend-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-dbscripts-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-lib-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-restapi-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-base-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-plugin-allinone-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-plugin-ovirt-engine-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-plugin-ovirt-engine-common-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-setup-plugin-websocket-proxy-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-tools-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-userportal-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-webadmin-portal-0:3.4.0-0.21.el6ev.noarch",
            "6Server-RHEV-S-3.4:rhevm-websocket-proxy-0:3.4.0-0.21.el6ev.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "ovirt-engine-api: session ID stored in HTML5 local storage"
    }
  ]
}