2 matches found
CVE-2016-6813
Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another non-"root" CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn...
CVE-2016-6813
CVE-2016-6813 affects Apache CloudStack 4.1–4.8.1.0 and 4.9.0.0. The issue is an API call that lets a user register for the developer API, and if the attacker can determine another non-root user’s CloudStack ID, they may reset that user’s API keys and gain access to their account and resources. T...