VYPR
Critical severity9.8NVD Advisory· Published Feb 6, 2018· Updated Jun 17, 2026

CVE-2016-6813

CVE-2016-6813

Description

Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources.

Affected products

2
  • Apache/Cloudstackllm-fuzzy2 versions
    4.1 - 4.8.1.0, 4.9.0.0+ 1 more
    • (no CPE)range: 4.1 - 4.8.1.0, 4.9.0.0
    • (no CPE)range: 4.1 to 4.8.1.0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.