Lucene search

RedhatCVELIST:CVE-2012-4501

HistoryOct 26, 2012 - 10:00 a.m.

CVE-2012-4501

2012-10-2610:00:00

redhat

www.cve.org

citrix cloud.com cloudstack

apache cloudstack

remote attackers

arbitrary api calls

system user account

delete vms

AI Score

6.8

Confidence

Low

EPSS

0.015

Percentile

87.1%

JSON

Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.

References

archives.neohapsis.com/archives/bugtraq/2012-10/0062.html

cloudstack.org/blog/185-cloudstack-configuration-vulnerability-discovered.html

markmail.org/thread/yfuxgymdqwg3kcg4