Cloudstack@4.0.1 Security Vulnerabilities and Issues — Cloudstack@4.0.1 CVE List

Lucene search

ApacheCloudstack4.0.1

5 matches found

CVE•added 2014/05/23 2:55 p.m.•41 views

CVE-2013-2758

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack.

5CVSS6.8AI score0.02796EPSS

CVE•added 2013/08/19 11:55 p.m.•40 views

CVE-2013-2136

Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified "mu...

4.3CVSS5.8AI score0.06724EPSS

CVE•added 2014/05/23 2:55 p.m.•39 views

CVE-2013-2756

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code.

5CVSS7.2AI score0.03054EPSS

CVE•added 2014/01/15 4:8 p.m.•38 views

CVE-2014-0031

The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.

4CVSS6.4AI score0.00323EPSS

CVE•added 2014/01/15 4:8 p.m.•31 views

CVE-2013-6398

The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request.

2.8CVSS6.7AI score0.00989EPSS