Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for cloudplatform by citrix

    CVE-2013-2758 (GCVE-0-2013-2758)

    Vulnerability from nvd – Published: 2014-05-23 14:00 – Updated: 2024-08-06 15:44
    VLAI
    Summary
    Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/92749 vdb-entryx_refsource_OSVDB
    http://support.citrix.com/article/CTX135815 x_refsource_CONFIRM
    http://mail-archives.apache.org/mod_mbox/cloudsta… mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id/1028473 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/53204 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/59464 vdb-entryx_refsource_BID
    http://secunia.com/advisories/53175 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2013-04-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:44:33.690Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "92749",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/92749"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.citrix.com/article/CTX135815"
              },
              {
                "name": "[cloudstack-dev] 20130424 Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E"
              },
              {
                "name": "1028473",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1028473"
              },
              {
                "name": "cloudstack-cve20132758-info-disc(83782)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83782"
              },
              {
                "name": "53204",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/53204"
              },
              {
                "name": "59464",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/59464"
              },
              {
                "name": "53175",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/53175"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "92749",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/92749"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.citrix.com/article/CTX135815"
            },
            {
              "name": "[cloudstack-dev] 20130424 Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E"
            },
            {
              "name": "1028473",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1028473"
            },
            {
              "name": "cloudstack-cve20132758-info-disc(83782)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83782"
            },
            {
              "name": "53204",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/53204"
            },
            {
              "name": "59464",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/59464"
            },
            {
              "name": "53175",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/53175"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-2758",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "92749",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/92749"
                },
                {
                  "name": "http://support.citrix.com/article/CTX135815",
                  "refsource": "CONFIRM",
                  "url": "http://support.citrix.com/article/CTX135815"
                },
                {
                  "name": "[cloudstack-dev] 20130424 Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack",
                  "refsource": "MLIST",
                  "url": "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300@stratosec.co%3E"
                },
                {
                  "name": "1028473",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1028473"
                },
                {
                  "name": "cloudstack-cve20132758-info-disc(83782)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83782"
                },
                {
                  "name": "53204",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/53204"
                },
                {
                  "name": "59464",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/59464"
                },
                {
                  "name": "53175",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/53175"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-2758",
        "datePublished": "2014-05-23T14:00:00.000Z",
        "dateReserved": "2013-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:44:33.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2757 (GCVE-0-2013-2757)

    Vulnerability from nvd – Published: 2014-05-23 14:00 – Updated: 2024-08-06 15:44
    VLAI
    Summary
    Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/92746 vdb-entryx_refsource_OSVDB
    http://support.citrix.com/article/CTX135815 x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securitytracker.com/id/1028473 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/53204 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/59467 vdb-entryx_refsource_BID
    Date Public
    2013-04-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:44:33.609Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "92746",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/92746"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.citrix.com/article/CTX135815"
              },
              {
                "name": "cloudplatform-cve20132757-sec-bypass(83783)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83783"
              },
              {
                "name": "1028473",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1028473"
              },
              {
                "name": "53204",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/53204"
              },
              {
                "name": "59467",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/59467"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "92746",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/92746"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.citrix.com/article/CTX135815"
            },
            {
              "name": "cloudplatform-cve20132757-sec-bypass(83783)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83783"
            },
            {
              "name": "1028473",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1028473"
            },
            {
              "name": "53204",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/53204"
            },
            {
              "name": "59467",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/59467"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-2757",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "92746",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/92746"
                },
                {
                  "name": "http://support.citrix.com/article/CTX135815",
                  "refsource": "CONFIRM",
                  "url": "http://support.citrix.com/article/CTX135815"
                },
                {
                  "name": "cloudplatform-cve20132757-sec-bypass(83783)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83783"
                },
                {
                  "name": "1028473",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1028473"
                },
                {
                  "name": "53204",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/53204"
                },
                {
                  "name": "59467",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/59467"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-2757",
        "datePublished": "2014-05-23T14:00:00.000Z",
        "dateReserved": "2013-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:44:33.609Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2756 (GCVE-0-2013-2756)

    Vulnerability from nvd – Published: 2014-05-23 14:00 – Updated: 2024-08-06 15:44
    VLAI
    Summary
    Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://support.citrix.com/article/CTX135815 x_refsource_CONFIRM
    http://mail-archives.apache.org/mod_mbox/cloudsta… mailing-listx_refsource_MLIST
    http://osvdb.org/92748 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/59463 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1028473 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/53204 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/53175 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2013-04-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:44:33.659Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cloudstack-cve20132756-sec-bypass(83781)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83781"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.citrix.com/article/CTX135815"
              },
              {
                "name": "[cloudstack-dev] 20130424 Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E"
              },
              {
                "name": "92748",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/92748"
              },
              {
                "name": "59463",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/59463"
              },
              {
                "name": "1028473",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1028473"
              },
              {
                "name": "53204",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/53204"
              },
              {
                "name": "53175",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/53175"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "cloudstack-cve20132756-sec-bypass(83781)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83781"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.citrix.com/article/CTX135815"
            },
            {
              "name": "[cloudstack-dev] 20130424 Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E"
            },
            {
              "name": "92748",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/92748"
            },
            {
              "name": "59463",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/59463"
            },
            {
              "name": "1028473",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1028473"
            },
            {
              "name": "53204",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/53204"
            },
            {
              "name": "53175",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/53175"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-2756",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "cloudstack-cve20132756-sec-bypass(83781)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83781"
                },
                {
                  "name": "http://support.citrix.com/article/CTX135815",
                  "refsource": "CONFIRM",
                  "url": "http://support.citrix.com/article/CTX135815"
                },
                {
                  "name": "[cloudstack-dev] 20130424 Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack",
                  "refsource": "MLIST",
                  "url": "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300@stratosec.co%3E"
                },
                {
                  "name": "92748",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/92748"
                },
                {
                  "name": "59463",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/59463"
                },
                {
                  "name": "1028473",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1028473"
                },
                {
                  "name": "53204",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/53204"
                },
                {
                  "name": "53175",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/53175"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-2756",
        "datePublished": "2014-05-23T14:00:00.000Z",
        "dateReserved": "2013-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:44:33.659Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-5616 (GCVE-0-2012-5616)

    Vulnerability from nvd – Published: 2013-01-22 23:00 – Updated: 2024-08-06 21:14
    VLAI
    Summary
    Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://support.citrix.com/article/CTX136163 x_refsource_CONFIRM
    http://osvdb.org/89146 vdb-entryx_refsource_OSVDB
    http://seclists.org/fulldisclosure/2013/Jan/65 mailing-listx_refsource_FULLDISC
    http://osvdb.org/89147 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/57225 vdb-entryx_refsource_BID
    http://mail-archives.apache.org/mod_mbox/incubato… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/51821 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/57259 vdb-entryx_refsource_BID
    http://osvdb.org/89070 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/51366 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/51827 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1027978 vdb-entryx_refsource_SECTRACK
    Date Public
    2013-01-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:14:16.356Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.citrix.com/article/CTX136163"
              },
              {
                "name": "89146",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/89146"
              },
              {
                "name": "20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2013/Jan/65"
              },
              {
                "name": "89147",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/89147"
              },
              {
                "name": "57225",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/57225"
              },
              {
                "name": "[incubator-cloudstack-users] 20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201301.mbox/%3C1BD2169F-BBFE-4E27-B50F-F17D7D08B565%40stratosec.co%3E"
              },
              {
                "name": "51821",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51821"
              },
              {
                "name": "57259",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/57259"
              },
              {
                "name": "89070",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/89070"
              },
              {
                "name": "51366",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51366"
              },
              {
                "name": "51827",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51827"
              },
              {
                "name": "1027978",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1027978"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-01-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-03-30T09:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.citrix.com/article/CTX136163"
            },
            {
              "name": "89146",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/89146"
            },
            {
              "name": "20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2013/Jan/65"
            },
            {
              "name": "89147",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/89147"
            },
            {
              "name": "57225",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/57225"
            },
            {
              "name": "[incubator-cloudstack-users] 20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201301.mbox/%3C1BD2169F-BBFE-4E27-B50F-F17D7D08B565%40stratosec.co%3E"
            },
            {
              "name": "51821",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/51821"
            },
            {
              "name": "57259",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/57259"
            },
            {
              "name": "89070",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/89070"
            },
            {
              "name": "51366",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/51366"
            },
            {
              "name": "51827",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/51827"
            },
            {
              "name": "1027978",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1027978"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-5616",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.citrix.com/article/CTX136163",
                  "refsource": "CONFIRM",
                  "url": "http://support.citrix.com/article/CTX136163"
                },
                {
                  "name": "89146",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/89146"
                },
                {
                  "name": "20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2013/Jan/65"
                },
                {
                  "name": "89147",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/89147"
                },
                {
                  "name": "57225",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/57225"
                },
                {
                  "name": "[incubator-cloudstack-users] 20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability",
                  "refsource": "MLIST",
                  "url": "http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201301.mbox/%3C1BD2169F-BBFE-4E27-B50F-F17D7D08B565@stratosec.co%3E"
                },
                {
                  "name": "51821",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/51821"
                },
                {
                  "name": "57259",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/57259"
                },
                {
                  "name": "89070",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/89070"
                },
                {
                  "name": "51366",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/51366"
                },
                {
                  "name": "51827",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/51827"
                },
                {
                  "name": "1027978",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1027978"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-5616",
        "datePublished": "2013-01-22T23:00:00.000Z",
        "dateReserved": "2012-10-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:14:16.356Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2756 (GCVE-0-2013-2756)

    Vulnerability from cvelistv5 – Published: 2014-05-23 14:00 – Updated: 2024-08-06 15:44
    VLAI
    Summary
    Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://support.citrix.com/article/CTX135815 x_refsource_CONFIRM
    http://mail-archives.apache.org/mod_mbox/cloudsta… mailing-listx_refsource_MLIST
    http://osvdb.org/92748 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/59463 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1028473 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/53204 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/53175 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2013-04-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:44:33.659Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cloudstack-cve20132756-sec-bypass(83781)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83781"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.citrix.com/article/CTX135815"
              },
              {
                "name": "[cloudstack-dev] 20130424 Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E"
              },
              {
                "name": "92748",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/92748"
              },
              {
                "name": "59463",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/59463"
              },
              {
                "name": "1028473",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1028473"
              },
              {
                "name": "53204",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/53204"
              },
              {
                "name": "53175",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/53175"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "cloudstack-cve20132756-sec-bypass(83781)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83781"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.citrix.com/article/CTX135815"
            },
            {
              "name": "[cloudstack-dev] 20130424 Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E"
            },
            {
              "name": "92748",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/92748"
            },
            {
              "name": "59463",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/59463"
            },
            {
              "name": "1028473",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1028473"
            },
            {
              "name": "53204",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/53204"
            },
            {
              "name": "53175",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/53175"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-2756",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "cloudstack-cve20132756-sec-bypass(83781)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83781"
                },
                {
                  "name": "http://support.citrix.com/article/CTX135815",
                  "refsource": "CONFIRM",
                  "url": "http://support.citrix.com/article/CTX135815"
                },
                {
                  "name": "[cloudstack-dev] 20130424 Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack",
                  "refsource": "MLIST",
                  "url": "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300@stratosec.co%3E"
                },
                {
                  "name": "92748",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/92748"
                },
                {
                  "name": "59463",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/59463"
                },
                {
                  "name": "1028473",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1028473"
                },
                {
                  "name": "53204",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/53204"
                },
                {
                  "name": "53175",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/53175"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-2756",
        "datePublished": "2014-05-23T14:00:00.000Z",
        "dateReserved": "2013-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:44:33.659Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2758 (GCVE-0-2013-2758)

    Vulnerability from cvelistv5 – Published: 2014-05-23 14:00 – Updated: 2024-08-06 15:44
    VLAI
    Summary
    Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/92749 vdb-entryx_refsource_OSVDB
    http://support.citrix.com/article/CTX135815 x_refsource_CONFIRM
    http://mail-archives.apache.org/mod_mbox/cloudsta… mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id/1028473 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/53204 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/59464 vdb-entryx_refsource_BID
    http://secunia.com/advisories/53175 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2013-04-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:44:33.690Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "92749",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/92749"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.citrix.com/article/CTX135815"
              },
              {
                "name": "[cloudstack-dev] 20130424 Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E"
              },
              {
                "name": "1028473",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1028473"
              },
              {
                "name": "cloudstack-cve20132758-info-disc(83782)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83782"
              },
              {
                "name": "53204",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/53204"
              },
              {
                "name": "59464",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/59464"
              },
              {
                "name": "53175",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/53175"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "92749",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/92749"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.citrix.com/article/CTX135815"
            },
            {
              "name": "[cloudstack-dev] 20130424 Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E"
            },
            {
              "name": "1028473",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1028473"
            },
            {
              "name": "cloudstack-cve20132758-info-disc(83782)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83782"
            },
            {
              "name": "53204",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/53204"
            },
            {
              "name": "59464",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/59464"
            },
            {
              "name": "53175",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/53175"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-2758",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "92749",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/92749"
                },
                {
                  "name": "http://support.citrix.com/article/CTX135815",
                  "refsource": "CONFIRM",
                  "url": "http://support.citrix.com/article/CTX135815"
                },
                {
                  "name": "[cloudstack-dev] 20130424 Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack",
                  "refsource": "MLIST",
                  "url": "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300@stratosec.co%3E"
                },
                {
                  "name": "1028473",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1028473"
                },
                {
                  "name": "cloudstack-cve20132758-info-disc(83782)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83782"
                },
                {
                  "name": "53204",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/53204"
                },
                {
                  "name": "59464",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/59464"
                },
                {
                  "name": "53175",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/53175"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-2758",
        "datePublished": "2014-05-23T14:00:00.000Z",
        "dateReserved": "2013-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:44:33.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2757 (GCVE-0-2013-2757)

    Vulnerability from cvelistv5 – Published: 2014-05-23 14:00 – Updated: 2024-08-06 15:44
    VLAI
    Summary
    Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/92746 vdb-entryx_refsource_OSVDB
    http://support.citrix.com/article/CTX135815 x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securitytracker.com/id/1028473 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/53204 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/59467 vdb-entryx_refsource_BID
    Date Public
    2013-04-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:44:33.609Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "92746",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/92746"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.citrix.com/article/CTX135815"
              },
              {
                "name": "cloudplatform-cve20132757-sec-bypass(83783)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83783"
              },
              {
                "name": "1028473",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1028473"
              },
              {
                "name": "53204",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/53204"
              },
              {
                "name": "59467",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/59467"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "92746",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/92746"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.citrix.com/article/CTX135815"
            },
            {
              "name": "cloudplatform-cve20132757-sec-bypass(83783)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83783"
            },
            {
              "name": "1028473",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1028473"
            },
            {
              "name": "53204",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/53204"
            },
            {
              "name": "59467",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/59467"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-2757",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "92746",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/92746"
                },
                {
                  "name": "http://support.citrix.com/article/CTX135815",
                  "refsource": "CONFIRM",
                  "url": "http://support.citrix.com/article/CTX135815"
                },
                {
                  "name": "cloudplatform-cve20132757-sec-bypass(83783)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83783"
                },
                {
                  "name": "1028473",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1028473"
                },
                {
                  "name": "53204",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/53204"
                },
                {
                  "name": "59467",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/59467"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-2757",
        "datePublished": "2014-05-23T14:00:00.000Z",
        "dateReserved": "2013-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:44:33.609Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-5616 (GCVE-0-2012-5616)

    Vulnerability from cvelistv5 – Published: 2013-01-22 23:00 – Updated: 2024-08-06 21:14
    VLAI
    Summary
    Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://support.citrix.com/article/CTX136163 x_refsource_CONFIRM
    http://osvdb.org/89146 vdb-entryx_refsource_OSVDB
    http://seclists.org/fulldisclosure/2013/Jan/65 mailing-listx_refsource_FULLDISC
    http://osvdb.org/89147 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/57225 vdb-entryx_refsource_BID
    http://mail-archives.apache.org/mod_mbox/incubato… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/51821 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/57259 vdb-entryx_refsource_BID
    http://osvdb.org/89070 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/51366 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/51827 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1027978 vdb-entryx_refsource_SECTRACK
    Date Public
    2013-01-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:14:16.356Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.citrix.com/article/CTX136163"
              },
              {
                "name": "89146",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/89146"
              },
              {
                "name": "20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2013/Jan/65"
              },
              {
                "name": "89147",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/89147"
              },
              {
                "name": "57225",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/57225"
              },
              {
                "name": "[incubator-cloudstack-users] 20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201301.mbox/%3C1BD2169F-BBFE-4E27-B50F-F17D7D08B565%40stratosec.co%3E"
              },
              {
                "name": "51821",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51821"
              },
              {
                "name": "57259",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/57259"
              },
              {
                "name": "89070",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/89070"
              },
              {
                "name": "51366",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51366"
              },
              {
                "name": "51827",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51827"
              },
              {
                "name": "1027978",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1027978"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-01-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-03-30T09:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.citrix.com/article/CTX136163"
            },
            {
              "name": "89146",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/89146"
            },
            {
              "name": "20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2013/Jan/65"
            },
            {
              "name": "89147",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/89147"
            },
            {
              "name": "57225",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/57225"
            },
            {
              "name": "[incubator-cloudstack-users] 20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201301.mbox/%3C1BD2169F-BBFE-4E27-B50F-F17D7D08B565%40stratosec.co%3E"
            },
            {
              "name": "51821",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/51821"
            },
            {
              "name": "57259",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/57259"
            },
            {
              "name": "89070",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/89070"
            },
            {
              "name": "51366",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/51366"
            },
            {
              "name": "51827",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/51827"
            },
            {
              "name": "1027978",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1027978"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-5616",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.citrix.com/article/CTX136163",
                  "refsource": "CONFIRM",
                  "url": "http://support.citrix.com/article/CTX136163"
                },
                {
                  "name": "89146",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/89146"
                },
                {
                  "name": "20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2013/Jan/65"
                },
                {
                  "name": "89147",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/89147"
                },
                {
                  "name": "57225",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/57225"
                },
                {
                  "name": "[incubator-cloudstack-users] 20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability",
                  "refsource": "MLIST",
                  "url": "http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201301.mbox/%3C1BD2169F-BBFE-4E27-B50F-F17D7D08B565@stratosec.co%3E"
                },
                {
                  "name": "51821",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/51821"
                },
                {
                  "name": "57259",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/57259"
                },
                {
                  "name": "89070",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/89070"
                },
                {
                  "name": "51366",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/51366"
                },
                {
                  "name": "51827",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/51827"
                },
                {
                  "name": "1027978",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1027978"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-5616",
        "datePublished": "2013-01-22T23:00:00.000Z",
        "dateReserved": "2012-10-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:14:16.356Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }