Lucene search

[email protected]CVE-2014-9593

HistoryOct 03, 2022 - 4:20 p.m.

CVE-2014-9593

2022-10-0316:20:41

CWE-200

[email protected]

web.nvd.nist.gov

cve

apache cloudstack

security vulnerability

nvd

api call

remote attackers

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.1%

JSON

Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call.

Affected configurations

NVD

Node

apachecloudstackRange≤4.3.1

apachecloudstackMatch4.4.0

apachecloudstackMatch4.4.1

CPENameOperatorVersion
apache:cloudstackapache cloudstackle4.3.1
apache:cloudstackapache cloudstackeq4.4.0
apache:cloudstackapache cloudstackeq4.4.1

CPE	Name	Operator	Version
apache:cloudstack	apache cloudstack	le	4.3.1
apache:cloudstack	apache cloudstack	eq	4.4.0
apache:cloudstack	apache cloudstack	eq	4.4.1

References

docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.3.2/about.html

docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.4.2/fixed_issues.html#issues-fixed-in-release

secunia.com/advisories/62216

issues.apache.org/jira/browse/CLOUDSTACK-7952

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.1%

JSON

Related for CVE-2014-9593

nvd1 prion1 cvelist1