IssueDescription: It was discovered that, when loading XML/RSDL documents, the oVirt Engine back end module used an insecure DocumentBuilderFactory. A remote, authenticated attacker could use this flaw to read files accessible to the user running the ovirt-engine server, and potentially perform other more advanced XML External Entity (XXE) attacks.
Acknowledgements: This issue was discovered by Arun Babu Neelicattu of Red Hat Product Security.
This issue has been addressed in following products: RHEV Manager version 3.4 Via RHSA-2014:1161 https://rhn.redhat.com/errata/RHSA-2014-1161.html