CVE-2014-7807
Apache CloudStack 4.3.x < 4.3.2 and 4.4.x < 4.4.2 - Unauthenticated Authentication Bypass via Login Request
Title source: llmDescription
Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX200285
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534176/100/0/threaded
Scores
EPSS
0.0042
EPSS Percentile
62.1%
Details
CWE
CWE-287
Status
published
Products (4)
apache/cloudstack
4.3.0
apache/cloudstack
4.3.1
apache/cloudstack
4.4.0
apache/cloudstack
4.4.1
Published
Dec 10, 2014
Tracked Since
Feb 18, 2026