Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4501

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2012-4501
Last Modified 26 Oct 2012 01:08:25
Published 26 Oct 2012 06:39:16
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4501

Summary

Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.

Vulnerable Systems

Application

  • Apache Cloudstack -

  • Citrix Cloudstack -


References

MLIST - [cloudstack-dev] 20121007 [CVE-2012-4501] CloudStack security announcement

CONFIRM - http://cloudstack.org/blog/185-cloudstack-configuration-vulnerability-discovered.html

BUGTRAQ - 20121010 [CVE-2012-4501] CloudStack configuration vulnerability


Last Updated: 27 May 2016 11:01:16