Cloudstack
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-4501 | | | 0.01 | — | 0.08 | | Oct 26, 2012 | Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs. |
| CVE-2024-41107 | | | 0.00 | — | 0.18 | | Jul 19, 2024 | The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a… |
| CVE-2024-38346 | | | 0.00 | — | 0.03 | | Jul 5, 2024 | The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Some of these commands were found to have command injection vulnerabilities that can result in… |
| CVE-2024-39864 | | | 0.00 | — | 0.02 | | Jul 5, 2024 | The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes. By default, the integration API service port… |
| CVE-2024-29008 | | | 0.00 | — | 0.01 | | Apr 4, 2024 | A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when… |
| CVE-2014-7807 | | | 0.00 | — | 0.03 | | Dec 10, 2014 | Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind. |