Unrated severityNVD Advisory· Published Jan 22, 2013· Updated Apr 29, 2026

CVE-2012-5616

Description

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.

Affected products

Apache/Cloudstack
cpe:2.3:a:apache:cloudstack:4.0.0:incubating:*:*:*:*:*:*
Citrix Systems/Cloudplatform
cpe:2.3:a:citrix:cloudplatform:*:*:*:*:*:*:*:*
Range: <=3.0.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.citrix.com/article/CTX136163nvdVendor Advisory
mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201301.mbox/%3C1BD2169F-BBFE-4E27-B50F-F17D7D08B565%40stratosec.co%3Envd
osvdb.org/89070nvd
osvdb.org/89146nvd
osvdb.org/89147nvd
seclists.org/fulldisclosure/2013/Jan/65nvd
secunia.com/advisories/51366nvd
secunia.com/advisories/51821nvd
secunia.com/advisories/51827nvd
www.securityfocus.com/bid/57225nvd
www.securityfocus.com/bid/57259nvd
www.securitytracker.com/idnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000