Vulnerability in Apache Cloudstack

CVE-2014-0031

The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.

EPSS: 0.003 (55.7th percentile) — read the EPSS interpretation.

Affected products

Apache Cloudstack — versions 2.0, 2.0.1, 2.1.0
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

55960 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM)