Authentication Bypass in Apache CloudStack Affects Multiple Versions
CVE-2016-3085

6.5MEDIUM

Key Information:

Vendor: Apache
Status: Cloudstack
Vendor: CVE Published:; 10 June 2016

What is CVE-2016-3085?

The vulnerability allows remote attackers to exploit the SAML authentication mechanism of Apache CloudStack, enabling them to bypass authentication and gain unauthorized access to the user interface. This issue affects several versions of CloudStack, particularly before the specified patches were applied. Attackers can leverage this weakness through carefully crafted requests targeting the SAML plugin, compromising the system's security and integrity.

References

http://packetstormsecurity.com/files/137390/Apache-CloudS...

x_refsource_MISC

http://www.securityfocus.com/archive/1/538636/100/0/threaded

mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2016
Vulnerability Reserved
Mar 10, 2016