389 matches found
CVE-2022-35741
Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity XXE injection. This plugin is not enabled by default and the attacker would require that this plugin be enabled to exploit the vulnerability. When...
CVE-2022-35741
Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity XXE injection. This plugin is not enabled by default and the attacker would require that this plugin be enabled to exploit the vulnerability. When...
CVE-2022-35741
Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity XXE injection. This plugin is not enabled by default and the attacker would require that this plugin be enabled to exploit the vulnerability. When...
Design/Logic Flaw
Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity XXE injection. This plugin is not enabled by default and the attacker would require that this plugin be enabled to exploit the vulnerability. When...
CVE-2022-35741
The CVE-2022-35741 issue affects Apache CloudStack 4.5.0 and later, specifically the SAML 2.0 authentication Service Provider plugin. The vulnerability is XML External Entity (XXE) injection in the XML-based SAML messages parsed during authentication. Attacker must have the plugin enabled (not en...
CVE-2022-35741 Apache CloudStack SAML Single Sign-On XXE
Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity XXE injection. This plugin is not enabled by default and the attacker would require that this plugin be enabled to exploit the vulnerability. When...
Apache CloudStack 代码问题漏洞
Apache CloudStack is a suite of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. An XML external entity injection vulnerability exists in Apache...
PT-2022-3718 · Apache · Apache Cloudstack
Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.5.0 and later Description: The issue is related to the SAML 2.0 authentication Service Provider plugin in Apache CloudStack, which is vulnerable to XML external entity XXE injection attacks. This plugin is not...
Fedora: Security Advisory for apache-cloudstack-cloudmonkey (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: apache-cloudstack-cloudmonkey-6.2.0-3.fc35
Apache Cloudstack Cloudmonkey is a command line interface CLI for Apache CloudStack. CloudMonkey can be use both as an interactive shell and as a command line tool which simplifies Apache CloudStack configuration and management...
Fedora: Security Advisory for apache-cloudstack-cloudmonkey (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: apache-cloudstack-cloudmonkey-6.2.0-3.fc36
Apache Cloudstack Cloudmonkey is a command line interface CLI for Apache CloudStack. CloudMonkey can be use both as an interactive shell and as a command line tool which simplifies Apache CloudStack configuration and management...
Apache CloudStack Security Feature Issue Vulnerability
Apache CloudStack is an Infrastructure-as-a-Service IaaS cloud computing platform from the Apache Foundation. The platform is primarily used to deploy and manage large networks of virtual machines.A security feature issue vulnerability exists in versions of Apache CloudStack prior to 4.16.1.0,...
CVE-2022-26779
Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate...
CVE-2022-26779
Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate...
CVE-2022-26779
Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate...
Code injection
Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate...
CVE-2022-26779 Apache Cloudstack insecure random number generation affects project email invitation
Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate...
CVE-2022-26779
CVE-2022-26779 (Apache CloudStack) affects CloudStack versions prior to 4.16.1.0, where project invitation tokens were generated with insecure randomness when an invite is created based on an email address. The root cause is the insecure RNG, enabling an attacker who knows the project ID and that...
Apache CloudStack 安全特征问题漏洞
Apache CloudStack is an Infrastructure-as-a-Service IaaS cloud computing platform from the Apache Foundation. The platform is primarily used to deploy and manage large networks of virtual machines.A security feature issue vulnerability exists in versions of Apache CloudStack prior to 4.16.1.0,...