CVE-2014-7807

Apache Cloudstack - Authentication Bypass

Title source: rule

Description

Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind.

References (2)

[Vendor Advisory] http://support.citrix.com/article/CTX200285

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/534176/100/0/threaded

Scores

EPSS 0.0042

EPSS Percentile 61.5%

Classification

CWE

CWE-287

Status draft

Affected Products (4)

apache/cloudstack

Timeline

Published Dec 10, 2014

Tracked Since Feb 18, 2026