Vulnerability Description
Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls.
CVSS Score
4.9
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Cloudstack | 4.4.4 |
Related Weaknesses (CWE)
References
- http://mail-archives.apache.org/mod_mbox/cloudstack-users/201602.mbox/%3C94DD4CBVendor Advisory
- http://www.securityfocus.com/archive/1/537458/100/0/threaded
- https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisoriesVendor Advisory
- http://mail-archives.apache.org/mod_mbox/cloudstack-users/201602.mbox/%3C94DD4CBVendor Advisory
- http://www.securityfocus.com/archive/1/537458/100/0/threaded
- https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisoriesVendor Advisory
FAQ
What is CVE-2015-3251?
CVE-2015-3251 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API cal...
How severe is CVE-2015-3251?
CVE-2015-3251 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3251?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Cloudstack.