Cloudstack Security Vulnerabilities and Issues — Cloudstack CVE List

Lucene search

ApacheCloudstack

4 matches found

CVE•added 2014/05/23 2:55 p.m.•41 views

CVE-2013-2758

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack.

5CVSS6.8AI score0.02796EPSS

CVE•added 2014/05/23 2:55 p.m.•39 views

CVE-2013-2756

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code.

5CVSS7.2AI score0.03054EPSS

CVE•added 2014/12/10 3:59 p.m.•29 views

CVE-2014-7807

Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind.

5CVSS7.2AI score0.00419EPSS

CVE•added 2015/01/15 3:59 p.m.•28 views

CVE-2014-9593

Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call.

5CVSS6.8AI score0.02699EPSS