Critical severity9.8NVD Advisory· Published Feb 8, 2016· Updated May 6, 2026

CVE-2015-3252

Description

Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server.

Affected products

Apache/Cloudstack
cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*
Range: <=4.5.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

mail-archives.apache.org/mod_mbox/cloudstack-users/201602.mbox/%3C7508580E-3D83-49FD-BE6E-B329B0503130%40gmail.com%3EnvdVendor Advisory
blogs.apache.org/cloudstack/entry/two_late_announced_security_advisoriesnvdVendor Advisory
www.securityfocus.com/archive/1/537459/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000