CVE-2016-3085

6.5MEDIUM

Key Information:

Vendor: Apache
Status: Cloudstack
Vendor: CVE Published:; 10 June 2016

Summary

Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin.

References

http://packetstormsecurity.com/files/137390/Apache-CloudS...

x_refsource_MISC

http://www.securityfocus.com/archive/1/538636/100/0/threaded

mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 10, 2016
Vulnerability Reserved
Mar 10, 2016