Vulnerability in Apache Cloudstack
CVE-2012-4501
Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
EPSS: 0.027 (86.2th percentile) — read the EPSS interpretation.
Affected products
- Apache Cloudstack
- Citrix Cloudstack
- N/a — versions n/a
Weakness classification (CWE)
References
- [cloudstack-dev] 20121007 [CVE-2012-4501] CloudStack security announcement (mailing-list, x_refsource_MLIST)
- 20121010 [CVE-2012-4501] CloudStack configuration vulnerability (mailing-list, x_refsource_BUGTRAQ)
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)