CVE-2014-7807

CWE-287Improper Authentication3 documents3 sources
Severity
5.0MEDIUM
EPSS
0.4%
top 38.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Cloudstack
Timeline
PublishedDec 10
Latest updateMay 14

Description

Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapache/cloudstack4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-r3mw-gv7v-r27r: Apache CloudStack 42022-05-14
CVEList
CVE-2014-7807: Apache CloudStack 42014-12-10
CVE-2014-7807 (MEDIUM CVSS 5) | Apache CloudStack 4.3.x before 4.3. | cvebase.io