CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3251
https://notcve.org/view.php?id=CVE-2015-3251
Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls. Apache CloudStack en versiones anteriores a 4.5.2 podría permitir a administradores remotos autenticados obtener información de contraseña sensible para cuentas root de máquinas virtuales a través de vectores no especificados relacionado con llamadas API. • http://mail-archives.apache.org/mod_mbox/cloudstack-users/201602.mbox/%3C94DD4CB4-F718-4F79-A934-3D677E497114%40gmail.com%3E http://www.securityfocus.com/archive/1/537458/100/0/threaded https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-3252
https://notcve.org/view.php?id=CVE-2015-3252
Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server. Apache CloudStack en versiones anteriores a 4.5.2 no conserva adecuadamente las contraseñas VNC al migrar máquinas virtuales KVM, lo que permite a atacantes remotos obtener acceso mediante la conexión al servidor VNC. • http://mail-archives.apache.org/mod_mbox/cloudstack-users/201602.mbox/%3C7508580E-3D83-49FD-BE6E-B329B0503130%40gmail.com%3E http://www.securityfocus.com/archive/1/537459/100/0/threaded https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories • CWE-255: Credentials Management Errors •