CVE-2015-3251

CWE-200 — Information Exposure3 documents3 sources

Severity

4.9MEDIUM

EPSS

0.2%

top 60.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Cloudstack

Timeline

PublishedFeb 8

Latest updateMay 14

Description

Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages1 packages

▶NVDapache/cloudstack4.4.4, 4.5.1+1

🔴Vulnerability Details

GHSA

GHSA-mm84-f7fc-q3fw: Apache CloudStack before 4↗2022-05-14

▶

CVEList

CVE-2015-3251: Apache CloudStack before 4↗2016-02-08

▶