Apache CloudStack is an Infrastructure-as-a-Service (IaaS) cloud computing platform from the Apache Foundation. The platform is primarily used to deploy and manage large networks of virtual machines. Apache CloudStack 4.5.0 and later versions contain an XML external entity injection vulnerability, which stems from a network system or product that does not set the correct filters to allow references to external entities, and can be exploited by remote attackers to read files by sending specially crafted XML files.