Vulnerabilities (CVE)

Filtered by vendor Apache Subscribe

Filtered by product Cloudstack

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2016-3085	1 Apache	1 Cloudstack	2018-10-09	5.8 MEDIUM	6.5 MEDIUM
Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin.
CVE-2015-3251	1 Apache	1 Cloudstack	2018-10-09	4.0 MEDIUM	4.9 MEDIUM
Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls.
CVE-2013-4317	1 Apache	1 Cloudstack	2018-02-26	4.0 MEDIUM	4.3 MEDIUM
In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.