CVE-2015-3251

4.9MEDIUM

Key Information:

Vendor: Apache
Status: Cloudstack
Vendor: CVE Published:; 8 February 2016

Summary

Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls.

References

https://blogs.apache.org/cloudstack/entry/two_late_announ...

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/537458/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://mail-archives.apache.org/mod_mbox/cloudstack-users...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 8, 2016
Vulnerability Reserved
Apr 10, 2015