Sign in Get started

← All advisories

Unrated severityNVD Advisory· Published Jan 15, 2015· Updated May 6, 2026

CVE-2014-9593

CVE-2014-9593

Description

Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call.

Affected products

3

Apache/Cloudstack3 versions
cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*range: <=4.3.1
- cpe:2.3:a:apache:cloudstack:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:4.4.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.3.2/about.htmlnvdVendor Advisory
docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.4.2/fixed_issues.htmlnvdVendor Advisory
issues.apache.org/jira/browse/CLOUDSTACK-7952nvdVendor Advisory
secunia.com/advisories/62216nvd

News mentions

0

No linked articles in our index yet.