Skip to main content

Cloudstack

35 CVEs product

Monthly

CVE-2025-59454 MEDIUM This Month

In Apache CloudStack, a gap in access control checks affected the APIs - createNetworkACL - listNetworkACLs - listResourceDetails - listVirtualMachinesUsageHistory - listVolumesUsageHistory While. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Cloudstack
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-59302 MEDIUM This Month

In Apache CloudStack improper control of generation of code ('Code Injection') vulnerability is found in the following APIs which are accessible only to admins. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Apache Code Injection Cloudstack
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-30675 MEDIUM PATCH This Month

In Apache CloudStack, a flaw in access control affects the listTemplates and listIsos APIs. A malicious Domain Admin or Resource Admin can exploit this issue by intentionally specifying the 'domainid' parameter along with the 'filter=self' or 'filter=selfexecutable' values. This allows the attacker to gain unauthorized visibility into templates and ISOs under the ROOT domain. A malicious admin can enumerate and extract metadata of templates and ISOs that belong to unrelated domains, violating isolation boundaries and potentially exposing sensitive or internal configuration details.  This vulnerability has been fixed by ensuring the domain resolution strictly adheres to the caller's scope rather than defaulting to the ROOT domain. Affected users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0.

Apache Information Disclosure Cloudstack
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-47849 HIGH PATCH This Week

A privilege escalation vulnerability in Apache CloudStack (CVSS 8.8) that allows the attacker. High severity vulnerability requiring prompt remediation.

Apache Privilege Escalation Information Disclosure Cloudstack
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-47713 HIGH PATCH This Week

A privilege escalation vulnerability in Apache CloudStack (CVSS 8.8) that allows the attacker. High severity vulnerability requiring prompt remediation.

Apache Privilege Escalation Denial Of Service Information Disclosure Cloudstack
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-26521 HIGH PATCH This Week

CVE-2025-26521 is a security vulnerability (CVSS 8.1). High severity vulnerability requiring prompt remediation.

Apache Information Disclosure Kubernetes Privilege Escalation Cloudstack
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-22829 MEDIUM PATCH This Month

The CloudStack Quota plugin has an improper privilege management logic in version 4.20.0.0. Anyone with authenticated user-account access in CloudStack 4.20.0.0 environments, where this plugin is enabled and have access to specific APIs can enable or disable reception of quota-related emails for any account in the environment and list their configurations. Quota plugin users using CloudStack 4.20.0.0 are recommended to upgrade to CloudStack version 4.20.1.0, which fixes this issue.

Privilege Escalation Cloudstack
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-22828 MEDIUM Monitor

CloudStack users can add and read comments (annotations) on resources they are authorised to access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 18.4% and no vendor patch available.

Information Disclosure Apache Cloudstack
NVD
CVSS 3.1
4.3
EPSS
18.4%
CVE-2024-50386 CRITICAL Act Now

Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Denial Of Service Cloudstack
NVD
CVSS 3.1
9.9
EPSS
1.4%
CVE-2024-45693 HIGH This Week

Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache CSRF Information Disclosure Cloudstack
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-45462 HIGH This Week

The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Cloudstack
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-45461 MEDIUM This Month

The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Cloudstack
NVD
CVSS 3.1
6.3
EPSS
0.7%
CVE-2024-45219 HIGH This Week

Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Apache Denial Of Service Cloudstack
NVD
CVSS 3.1
8.5
EPSS
1.2%
CVE-2024-42222 MEDIUM POC This Month

In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Information Disclosure Cloudstack
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
CVE-2024-42062 HIGH This Week

CloudStack account-users by default use username and password based authentication for API and UI access. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Denial Of Service Cloudstack
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-41107 HIGH POC THREAT This Week

The CloudStack SAML authentication (disabled by default) does not enforce signature check. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Cloudstack
NVD GitHub
CVSS 3.1
8.1
EPSS
17.8%
CVE-2024-39864 CRITICAL Act Now

The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Cloudstack
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2024-38346 CRITICAL Act Now

The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE Cloudstack
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2024-29008 MEDIUM This Month

A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cloudstack
NVD
CVSS 3.1
6.4
EPSS
0.6%
CVE-2024-29007 HIGH This Week

The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Cloudstack
NVD
CVSS 3.1
7.3
EPSS
0.8%
CVE-2024-29006 CRITICAL Act Now

By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloudstack
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-35741 CRITICAL PATCH Act Now

Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service SSRF Apache XXE Cloudstack
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2022-26779 HIGH POC This Week

Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apache Information Disclosure Cloudstack
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2016-3085 MEDIUM This Month

Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Apache Cloudstack
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2015-3252 CRITICAL Act Now

Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Cloudstack
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2015-3251 MEDIUM This Month

Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Cloudstack
NVD
CVSS 3.0
4.9
EPSS
0.2%
CVE-2014-9593 MEDIUM This Month

Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Cloudstack
NVD
CVSS 2.0
5.0
EPSS
2.7%
CVE-2014-7807 MEDIUM This Month

Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Cloudstack
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-2758 MEDIUM PATCH This Month

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Citrix Information Disclosure Apache Cloudstack Cloudplatform
NVD
CVSS 2.0
5.0
EPSS
2.8%
CVE-2013-2756 MEDIUM PATCH This Month

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Citrix Authentication Bypass Cloudstack Cloudplatform
NVD
CVSS 2.0
5.0
EPSS
3.1%
CVE-2014-0031 MEDIUM This Month

The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Cloudstack
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2013-6398 LOW Monitor

The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions. Rated low severity (CVSS 2.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Apache Cloudstack
NVD
CVSS 2.0
2.8
EPSS
1.0%
CVE-2013-2136 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apache XSS Cloudstack
NVD
CVSS 2.0
4.3
EPSS
6.7%
CVE-2012-5616 LOW Monitor

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1). Rated low severity (CVSS 1.5). No vendor patch available.

Citrix Apache Authentication Bypass Cloudstack Cloudplatform
NVD
CVSS 2.0
1.5
EPSS
0.1%
CVE-2012-4501 CRITICAL Act Now

Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Citrix Cloudstack
NVD
CVSS 2.0
10.0
EPSS
2.7%
EPSS 0% CVSS 4.3
MEDIUM This Month

In Apache CloudStack, a gap in access control checks affected the APIs - createNetworkACL - listNetworkACLs - listResourceDetails - listVirtualMachinesUsageHistory - listVolumesUsageHistory While. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Cloudstack
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

In Apache CloudStack improper control of generation of code ('Code Injection') vulnerability is found in the following APIs which are accessible only to admins. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Apache Code Injection +1
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In Apache CloudStack, a flaw in access control affects the listTemplates and listIsos APIs. A malicious Domain Admin or Resource Admin can exploit this issue by intentionally specifying the 'domainid' parameter along with the 'filter=self' or 'filter=selfexecutable' values. This allows the attacker to gain unauthorized visibility into templates and ISOs under the ROOT domain. A malicious admin can enumerate and extract metadata of templates and ISOs that belong to unrelated domains, violating isolation boundaries and potentially exposing sensitive or internal configuration details.  This vulnerability has been fixed by ensuring the domain resolution strictly adheres to the caller's scope rather than defaulting to the ROOT domain. Affected users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0.

Apache Information Disclosure Cloudstack
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A privilege escalation vulnerability in Apache CloudStack (CVSS 8.8) that allows the attacker. High severity vulnerability requiring prompt remediation.

Apache Privilege Escalation Information Disclosure +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A privilege escalation vulnerability in Apache CloudStack (CVSS 8.8) that allows the attacker. High severity vulnerability requiring prompt remediation.

Apache Privilege Escalation Denial Of Service +2
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

CVE-2025-26521 is a security vulnerability (CVSS 8.1). High severity vulnerability requiring prompt remediation.

Apache Information Disclosure Kubernetes +2
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The CloudStack Quota plugin has an improper privilege management logic in version 4.20.0.0. Anyone with authenticated user-account access in CloudStack 4.20.0.0 environments, where this plugin is enabled and have access to specific APIs can enable or disable reception of quota-related emails for any account in the environment and list their configurations. Quota plugin users using CloudStack 4.20.0.0 are recommended to upgrade to CloudStack version 4.20.1.0, which fixes this issue.

Privilege Escalation Cloudstack
NVD
EPSS 18% CVSS 4.3
MEDIUM Monitor

CloudStack users can add and read comments (annotations) on resources they are authorised to access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 18.4% and no vendor patch available.

Information Disclosure Apache Cloudstack
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Denial Of Service Cloudstack
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache CSRF Information Disclosure +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Cloudstack
NVD
EPSS 1% CVSS 6.3
MEDIUM This Month

The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Cloudstack
NVD
EPSS 1% CVSS 8.5
HIGH This Week

Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Apache Denial Of Service Cloudstack
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Information Disclosure Cloudstack
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

CloudStack account-users by default use username and password based authentication for API and UI access. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Denial Of Service +1
NVD
EPSS 18% CVSS 8.1
HIGH POC THREAT This Week

The CloudStack SAML authentication (disabled by default) does not enforce signature check. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Cloudstack
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Cloudstack
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE +1
NVD
EPSS 1% CVSS 6.4
MEDIUM This Month

A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cloudstack
NVD
EPSS 1% CVSS 7.3
HIGH This Week

The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Cloudstack
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloudstack
NVD
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service SSRF Apache +2
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apache Information Disclosure Cloudstack
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Apache Cloudstack
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Cloudstack
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Cloudstack
NVD
EPSS 3% CVSS 5.0
MEDIUM This Month

Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Cloudstack
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Cloudstack
NVD
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Citrix Information Disclosure Apache +2
NVD
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Citrix Authentication Bypass +2
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Cloudstack
NVD
EPSS 1% CVSS 2.8
LOW Monitor

The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions. Rated low severity (CVSS 2.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Apache Cloudstack
NVD
EPSS 7% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apache XSS Cloudstack
NVD
EPSS 0% CVSS 1.5
LOW Monitor

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1). Rated low severity (CVSS 1.5). No vendor patch available.

Citrix Apache Authentication Bypass +2
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Citrix +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy