CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-3252
https://notcve.org/view.php?id=CVE-2015-3252
Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server. Apache CloudStack en versiones anteriores a 4.5.2 no conserva adecuadamente las contraseñas VNC al migrar máquinas virtuales KVM, lo que permite a atacantes remotos obtener acceso mediante la conexión al servidor VNC. • http://mail-archives.apache.org/mod_mbox/cloudstack-users/201602.mbox/%3C7508580E-3D83-49FD-BE6E-B329B0503130%40gmail.com%3E http://www.securityfocus.com/archive/1/537459/100/0/threaded https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories • CWE-255: Credentials Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-9593
https://notcve.org/view.php?id=CVE-2014-9593
Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call. Apache CloudStack anterior a 4.3.2 y 4.4.x anterior a 4.4.2 permite a atacantes remotos obtener claves privados a través de una llamada a la API listSslCerts. • http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.3.2/about.html http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.4.2/fixed_issues.html#issues-fixed-in-release http://secunia.com/advisories/62216 https://issues.apache.org/jira/browse/CLOUDSTACK-7952 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2014-7807
https://notcve.org/view.php?id=CVE-2014-7807
Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind. Apache CloudStack 4.3.x anterior a 4.3.2 y 4.4.x anterior a 4.4.2 permite a atacantes remotos evadir la autenticación a través de una solicitud de inicio de sesión sin contraseña, lo que provoca un vínculo no autenticado. • http://support.citrix.com/article/CTX200285 http://www.securityfocus.com/archive/1/534176/100/0/threaded • CWE-287: Improper Authentication •