CVE-2016-6813

3 documents, 3 sources
Severity: 9.8 CRITICAL
EPSS: 1.5% (top 18.85%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 6
Latest update: May 14

Description

Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

NVD | apache/cloudstack | 4.1.0 | 4.8.1.0 | +1
CVEListV5 | apache_software_foundation/apache_cloudstack | 4.1 to 4.8.1.0, 4.9.0.0 | +1

Vulnerability Details (2)

GHSA: GHSA-hrqr-xjpc-vfrf: Apache CloudStack 4 (2022-05-14)
CVEList: CVE-2016-6813: Apache CloudStack 4 (2018-02-06)