CVE-2016-3085

Severity
6.5 MEDIUM
EPSS
0.3%
top 49.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jun 10
Latest update: May 14

Description

Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allows remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

Exploitability: 2.2 | Impact: 4.2

Affected Packages (1 package)

NVD: apache/cloudstack, 7 versions (+6)

Vulnerability Details (2)

GHSA
GHSA-gqjr-gcpj-h4ww: Apache CloudStack 4 (2022-05-14)
CVEList
CVE-2016-3085: Apache CloudStack 4 (2016-06-10)