CVE-2014-0031

The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
apachecloudstack
𝑥
≤ 4.2.0
apachecloudstack
2.0
apachecloudstack
2.0.1
apachecloudstack
2.1.0
apachecloudstack
2.1.1
apachecloudstack
2.1.2
apachecloudstack
2.1.3
apachecloudstack
2.1.4
apachecloudstack
2.1.5
apachecloudstack
2.1.6
apachecloudstack
2.1.7
apachecloudstack
2.1.8
apachecloudstack
2.1.9
apachecloudstack
2.1.10
apachecloudstack
2.2.0
apachecloudstack
2.2.1
apachecloudstack
2.2.2
apachecloudstack
2.2.3
apachecloudstack
2.2.5
apachecloudstack
2.2.6
apachecloudstack
2.2.7
apachecloudstack
2.2.8
apachecloudstack
2.2.9
apachecloudstack
2.2.11
apachecloudstack
2.2.12
apachecloudstack
2.2.13
apachecloudstack
2.2.14
apachecloudstack
3.0.0
apachecloudstack
3.0.1
apachecloudstack
3.0.2
apachecloudstack
4.0.0:incubating
apachecloudstack
4.0.1
apachecloudstack
4.0.2
apachecloudstack
4.1.0
apachecloudstack
4.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/55960
https://blogs.apache.org/cloudstack/entry/cve_2014_0031_cloudstack_listnetworkacl
https://issues.apache.org/jira/browse/CLOUDSTACK-5145
http://secunia.com/advisories/55960
https://blogs.apache.org/cloudstack/entry/cve_2014_0031_cloudstack_listnetworkacl
https://issues.apache.org/jira/browse/CLOUDSTACK-5145