Medium severity6.8NVD Advisory· Published Jan 5, 2016· Updated May 6, 2026

CVE-2014-5040

Description

HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key credentials by leveraging knowledge of a key ID or (2) signing certificates by leveraging knowledge of a certificate ID.

Affected products

Eucalyptus/Eucalyptus2 versions
cpe:2.3:a:eucalyptus:eucalyptus:4.1.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:eucalyptus:eucalyptus:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:eucalyptus:eucalyptus:4.2.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

h20564.www2.hpe.com/hpsc/doc/public/displaynvdVendor Advisory
www.eucalyptus.com/resources/security/advisories/esa-32nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.442
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000