5 matches found

CVE
added 2014/05/23 2:00 p.m. | 58 views

CVE-2013-2756

The CVE-2013-2756 issue affects Apache CloudStack 4.0.0–4.0.1 (and Citrix CloudPlatform 3.0.x up to 3.0.5) where Patch C for the respective lines allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code. The root cause is an authentication bypa...

CVSS 5 | AI score 7.2 | EPSS 0.05822
CVE
added 2014/05/23 2:00 p.m. | 58 views

CVE-2013-2758

CVE-2013-2758 affects Apache CloudStack 4.0.0–4.0.1 and Citrix CloudPlatform 3.0.x prior to 3.0.6 Patch C, which use a hash of a predictable sequence. This enables remote attackers to guess the console access URL via brute force. Remediation: upgrade to Apache CloudStack 4.0.2 or later, and Citri...

CVSS 5 | AI score 6.8 | EPSS 0.06472
CVE
added 2014/01/14 6:00 p.m. | 55 views

CVE-2014-0031

Apache CloudStack (vulnerable: before 4.2.1) exposes an information disclosure via the ListNetworkACL and listNetworkACLLists APIs. The issue, caused by how crafted requests allow remote authenticated users to list network ACLs for other users, can reveal ACLs not owned by the attacker. Impact is...

CVSS 4 | AI score 6.4 | EPSS 0.02151
CVE
added 2014/01/14 6:00 p.m. | 46 views

CVE-2013-6398

CVE-2013-6398 affects Apache CloudStack virtual routers prior to 4.2.1. After a restart, firewall rules’ source restrictions were not preserved, allowing a remote attacker to bypass restrictions and access network resources. Public sources in connected documents (NVD entry and security advisories...

CVSS 2.8 | AI score 6.7 | EPSS 0.03675
CVE
added 2014/12/10 3:00 p.m. | 46 views

CVE-2014-7807

Apache CloudStack is affected: versions 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allow unauthenticated LDAP binds when LDAP is configured, enabling login requests without a password and resulting in an unauthenticated bind. Remediation per the docs is to upgrade to 4.4.2 (or 4.3.2 in testing) or...

CVSS 5 | AI score 7.2 | EPSS 0.02556