CVE-2012-4501

Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
apachecloudstack
-
citrixcloudstack
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2012-10/0062.html
http://cloudstack.org/blog/185-cloudstack-configuration-vulnerability-discovered.html
http://markmail.org/thread/yfuxgymdqwg3kcg4
http://archives.neohapsis.com/archives/bugtraq/2012-10/0062.html
http://cloudstack.org/blog/185-cloudstack-configuration-vulnerability-discovered.html
http://markmail.org/thread/yfuxgymdqwg3kcg4