VYPR

Cloudstack

by Citrix Systems

Source repositories

CVEs (6)

  • CVE-2012-4501 | Oct 26, 2012
    risk 0.01 | cvss | epss 0.08

    Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.

  • CVE-2024-41107 | Jul 19, 2024
    risk 0.00 | cvss | epss 0.18

    The CloudStack SAML authentication (disabled by default) does not enforce a signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a…

  • CVE-2024-38346 | Jul 5, 2024
    risk 0.00 | cvss | epss 0.03

    The CloudStack cluster service runs on an unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Some of these commands were found to have command injection vulnerabilities that can result in…

  • CVE-2024-39864 | Jul 5, 2024
    risk 0.00 | cvss | epss 0.02

    The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes. By default, the integration API service port…

  • CVE-2024-29008 | Apr 4, 2024
    risk 0.00 | cvss | epss 0.01

    A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when…

  • CVE-2014-7807 | Dec 10, 2014
    risk 0.00 | cvss | epss 0.03

    Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind.