2 matches found
CVE-2012-5616
CVE-2012-5616 affects Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform prior to 3.0.6, where sensitive data is logged in log4j.conf. This enables local users to obtain (1) SSH private keys from createSSHKeyPair, (2) host passwords from AddHost, and (3)/(4) VM passwords from DeployVM or...
CVE-2013-2136
Apache CloudStack UI contains multiple cross-site scripting (XSS) vulnerabilities in versions up to 4.1.0, allowing authenticated/remote attackers to inject arbitrary script or HTML via fields in Zone, Network, Instance, global settings, and other UI inputs. The issue is fixed by upgrading to Clo...