VYPR
Medium severity6.5OSV Advisory· Published Jun 10, 2016· Updated Jun 17, 2026

CVE-2016-3085

CVE-2016-3085

Description

Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin.

Affected products

9
  • Apache/CloudstackOSV9 versions
    4.5.1, 4.6.0, 4.6.1, …+ 8 more
    • (no CPE)range: 4.5.1, 4.6.0, 4.6.1, …
    • cpe:2.3:a:apache:cloudstack:4.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:cloudstack:4.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:cloudstack:4.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:cloudstack:4.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:cloudstack:4.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:cloudstack:4.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:cloudstack:4.8:*:*:*:*:*:*:*
    • (no CPE)range: >=4.5.0, <4.5.2.1; >=4.6.0, <4.6.2.1; >=4.7.0, <4.7.1.1; >=4.8.0, <4.8.0.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.