Medium severity6.5OSV Advisory· Published Jun 10, 2016· Updated Jun 17, 2026
CVE-2016-3085
CVE-2016-3085
Description
Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin.
Affected products
94.5.1, 4.6.0, 4.6.1, …+ 8 more
- (no CPE)range: 4.5.1, 4.6.0, 4.6.1, …
- cpe:2.3:a:apache:cloudstack:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:4.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:4.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:4.8:*:*:*:*:*:*:*
- (no CPE)range: >=4.5.0, <4.5.2.1; >=4.6.0, <4.6.2.1; >=4.7.0, <4.7.1.1; >=4.8.0, <4.8.0.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.