Vulnerability Details CVE-2016-3085
Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.2%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 5.8
References
- http://packetstormsecurity.com/files/137390/Apache-CloudStack-4.5.0-Authentication-Bypass.html
- http://www.securityfocus.com/archive/1/538636/100/0/threaded
- http://packetstormsecurity.com/files/137390/Apache-CloudStack-4.5.0-Authentication-Bypass.html
- http://www.securityfocus.com/archive/1/538636/100/0/threaded
Products affected by CVE-2016-3085
-
cpe:2.3:a:apache:cloudstack:4.5.1
-
cpe:2.3:a:apache:cloudstack:4.5.2
-
cpe:2.3:a:apache:cloudstack:4.6.0
-
cpe:2.3:a:apache:cloudstack:4.6.1
-
cpe:2.3:a:apache:cloudstack:4.6.2
-
cpe:2.3:a:apache:cloudstack:4.7.0
-
cpe:2.3:a:apache:cloudstack:4.8