CVE-2013-2756

CWE-287Improper Authentication4 documents4 sources
Severity
5.0MEDIUM
EPSS
3.1%
top 13.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache CloudstackCitrix Cloudplatform
Timeline
PublishedMay 23
Latest updateMay 17

Description

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDapache/cloudstack4.0.0, 4.0.1, 4.0.2+2
NVDcitrix/cloudplatform5 versions+4

Patches

Patch: support.citrix.comPatch: support.citrix.com

🔴Vulnerability Details

2
GHSA
GHSA-vfmh-ppm9-22q4: Apache CloudStack 42022-05-17
CVEList
CVE-2013-2756: Apache CloudStack 42014-05-23

📋Vendor Advisories

1
Citrix
CVE-2013-2756: Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypas2014-05-23
CVE-2013-2756 (MEDIUM CVSS 5) | Apache CloudStack 4.0.0 before 4.0. | cvebase.io