3 matches found
CVE-2016-3085
CVE-2016-3085 affects Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1. When SAML-based authentication is enabled, remote attackers can bypass authentication and access the user interface via vectors related to the SAML plugin. The conne...
CVE-2015-3251
CVE-2015-3251 : In Apache CloudStack, versions before 4.5.2 allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified API-call vectors. The vulnerability is an information disclosure issue tied to the API surface used ...
CVE-2015-3252
Apache CloudStack vulnerability CVE-2015-3252 affects CloudStack before 4.5.2 (4.5.1 and earlier per CNVD). The issue arises from improper preservation of VNC passwords during KVM VM migrations, enabling a remote attacker to gain access by connecting to the VNC server. According to the sources, t...