212 matches found

CNVD | added 2016/06/12 12:0 a.m. | 2 views

Apache CloudStack Authentication Bypass Vulnerability (CNVD-2016-03958)

Apache CloudStack is open source software for deploying and managing large networks of virtual machines. In multiple versions of Apache CloudStack with SAML-based authentication enabled, a remote attacker can exploit this vulnerability to bypass authentication and access the user interface...

CVSS 6.5 | AI score 7.2 | EPSS 0.0027
Exploits: 0 | References: 1
OSV | added 2016/06/10 3:59 p.m. | 3 views

CVE-2016-3085

Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin...

CVSS 6.5 | AI score 7.2
Exploits: 0 | References: 2
NVD | added 2016/06/10 3:59 p.m. | 10 views

CVE-2016-3085

Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin...

CVSS 6.5 | AI score 6.6 | EPSS 0.0027
Exploits: 0 | References: 2
Prion | added 2016/06/10 3:59 p.m. | 12 views

Authentication flaw

Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin...

CVSS 5.8 | AI score 7.5 | EPSS 0.0027
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist | added 2016/06/10 3:0 p.m. | 24 views

CVE-2016-3085

Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin...

AI score 6.6 | EPSS 0.0027
Exploits: 0 | References: 2
CVE | added 2016/06/10 3:0 p.m. | 42 views

CVE-2016-3085

CVE-2016-3085 affects Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1. When SAML-based authentication is enabled, remote attackers can bypass authentication and access the user interface via vectors related to the SAML plugin. The conne...

CVSS 6.5 | AI score 6.5 | EPSS 0.0027
Exploits: 0 | References: 2 | Affected Software: 1
CNVD | added 2016/02/11 12:0 a.m. | 1 view

Apache CloudStack Trust Management Vulnerability

Apache CloudStack is a suite of open source cloud computing software from the Apache Software Foundation in the United States. The software can be used to deploy, manage, and configure public and private IaaS clouds. A security vulnerability exists in Apache CloudStack 4.5.1 and earlier...

CVSS 9.8 | AI score 7.1 | EPSS 0.01867
Exploits: 0 | References: 1
NVD | added 2016/02/08 7:59 p.m. | 8 views

CVE-2015-3252

Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server...

CVSS 9.8 | AI score 9.6 | EPSS 0.01867
Exploits: 0 | References: 3
NVD | added 2016/02/08 7:59 p.m. | 14 views

CVE-2015-3251

Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls...

CVSS 4.9 | AI score 4.8 | EPSS 0.00179
Exploits: 0 | References: 3
Prion | added 2016/02/08 7:59 p.m. | 11 views

Code injection

Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server...

CVSS 6 | AI score 7.5 | EPSS 0.01867
Exploits: 0 | References: 3 | Affected Software: 1
Prion | added 2016/02/08 7:59 p.m. | 10 views

Design/Logic Flaw

Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls...

CVSS 4 | AI score 6.6 | EPSS 0.00179
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist | added 2016/02/08 7:0 p.m. | 17 views

CVE-2015-3251

Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls...

AI score 4.8 | EPSS 0.00179
Exploits: 0 | References: 3
Cvelist | added 2016/02/08 7:0 p.m. | 20 views

CVE-2015-3252

Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server...

AI score 9.7 | EPSS 0.01867
Exploits: 0 | References: 3
CNVD | added 2015/01/20 12:0 a.m. | 2 views

Apache CloudStack Information Disclosure Vulnerability

Apache CloudStack is an open source cloud computing solution. An information disclosure vulnerability exists in Apache CloudStack, which allows remote attackers to exploit this vulnerability to obtain private keys via listSslCerts API calls...

CVSS 5 | AI score 6.4 | EPSS 0.02699
Exploits: 0 | References: 1
NVD | added 2015/01/15 3:59 p.m. | 12 views

CVE-2014-9593

Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call...

CVSS 5 | AI score 6.6 | EPSS 0.02699
Exploits: 0 | References: 4
Prion | added 2015/01/15 3:59 p.m. | 11 views

Code injection

Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call...

CVSS 5 | AI score 7.1 | EPSS 0.02699
Exploits: 0 | References: 4 | Affected Software: 1
CVE | added 2015/01/15 3:0 p.m. | 38 views

CVE-2014-9593

Apache CloudStack is affected by CVE-2014-9593: before 4.3.2 and 4.4.x before 4.4.2, the listSslCerts API call can disclose private keys. Likely impact is information disclosure of SSL private keys. The remediation in the connected records is to upgrade to CloudStack 4.3.2+ or 4.4.2+ (i.e., fixed...

CVSS 5 | AI score 6.8 | EPSS 0.02699
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist | added 2015/01/15 3:0 p.m. | 16 views

CVE-2014-9593

Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call...

AI score 6.6 | EPSS 0.02699
Exploits: 0 | References: 4
securityvulns | added 2014/12/29 12:0 a.m. | 63 views

[CVE-2014-7807] Apache CloudStack unauthenticated LDAP binds

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2014-7807: Apache CloudStack unauthenticated LDAP binds CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P Vendors: The Apache Software Foundation Citrix, Inc. Versions Affected: Apache CloudStack 4.3, 4.4 Description: Apache CloudStack may be configured to...

CVSS 5 | AI score 1.5 | EPSS 0.00419
Exploits: 1
Prion | added 2014/12/10 3:59 p.m. | 16 views

Authentication flaw

Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind...

CVSS 5 | AI score 7.5 | EPSS 0.00419
Exploits: 1 | References: 2 | Affected Software: 1