4 matches found
EUVD-2025-199820
In Apache CloudStack improper control of generation of code 'Code Injection' vulnerability is found in the following APIs which are accessible only to admins. quotaTariffCreate quotaTariffUpdate createSecondaryStorageSelector updateSecondaryStorageSelector updateHost updateStorage This issue...
CVE-2025-59302
In Apache CloudStack improper control of generation of code 'Code Injection' vulnerability is found in the following APIs which are accessible only to admins. quotaTariffCreate quotaTariffUpdate createSecondaryStorageSelector updateSecondaryStorageSelector updateHost updateStorage This issue...
CVE-2025-59302 Apache CloudStack: Potential remote code execution on Javascript engine defined rules
In Apache CloudStack improper control of generation of code 'Code Injection' vulnerability is found in the following APIs which are accessible only to admins. quotaTariffCreate quotaTariffUpdate createSecondaryStorageSelector updateSecondaryStorageSelector updateHost updateStorage This issue...
PT-2025-48264
Name of the Vulnerable Software and Affected Versions Apache CloudStack versions 4.18.0 through 4.20.1 Apache CloudStack versions 4.21.0 through 4.21.9 Description An improper control of code generation 'Code Injection' issue exists in Apache CloudStack, specifically within several APIs accessibl...