CVE-2012-4501
Apache CloudStack - Unauthenticated Arbitrary API Call Execution via System User Account
Title source: llmDescription
Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
References (3)
Core References
Various Sources mailing-list
x_refsource_mlist
http://markmail.org/thread/yfuxgymdqwg3kcg4
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-10/0062.html
Vendor Advisory x_refsource_confirm
http://cloudstack.org/blog/185-cloudstack-configuration-vulnerability-discovered.html
Scores
EPSS
0.0273
EPSS Percentile
86.1%
Details
CWE
CWE-264
Status
published
Products (2)
apache/cloudstack
citrix/cloudstack
Published
Oct 26, 2012
Tracked Since
Feb 18, 2026