CVE-2014-7807

Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
apachecloudstack
4.3.0
apachecloudstack
4.3.1
apachecloudstack
4.4.0
apachecloudstack
4.4.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://support.citrix.com/article/CTX200285
http://www.securityfocus.com/archive/1/534176/100/0/threaded
http://support.citrix.com/article/CTX200285
http://www.securityfocus.com/archive/1/534176/100/0/threaded