CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-6813

Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.016

EPSS Ranking 81.0%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2016-6813

Apache » Cloudstack » Version: 4.1.0

cpe:2.3:a:apache:cloudstack:4.1.0
Apache » Cloudstack » Version: 4.1.1

cpe:2.3:a:apache:cloudstack:4.1.1
Apache » Cloudstack » Version: 4.2.0

cpe:2.3:a:apache:cloudstack:4.2.0
Apache » Cloudstack » Version: 4.2.1

cpe:2.3:a:apache:cloudstack:4.2.1
Apache » Cloudstack » Version: 4.3.0

cpe:2.3:a:apache:cloudstack:4.3.0
Apache » Cloudstack » Version: 4.3.1

cpe:2.3:a:apache:cloudstack:4.3.1
Apache » Cloudstack » Version: 4.3.2

cpe:2.3:a:apache:cloudstack:4.3.2
Apache » Cloudstack » Version: 4.4.0

cpe:2.3:a:apache:cloudstack:4.4.0
Apache » Cloudstack » Version: 4.4.1

cpe:2.3:a:apache:cloudstack:4.4.1
Apache » Cloudstack » Version: 4.4.2

cpe:2.3:a:apache:cloudstack:4.4.2
Apache » Cloudstack » Version: 4.4.3

cpe:2.3:a:apache:cloudstack:4.4.3
Apache » Cloudstack » Version: 4.4.4

cpe:2.3:a:apache:cloudstack:4.4.4
Apache » Cloudstack » Version: 4.5.0

cpe:2.3:a:apache:cloudstack:4.5.0
Apache » Cloudstack » Version: 4.5.1

cpe:2.3:a:apache:cloudstack:4.5.1
Apache » Cloudstack » Version: 4.5.2

cpe:2.3:a:apache:cloudstack:4.5.2
Apache » Cloudstack » Version: 4.5.2.1

cpe:2.3:a:apache:cloudstack:4.5.2.1
Apache » Cloudstack » Version: 4.5.2.2

cpe:2.3:a:apache:cloudstack:4.5.2.2
Apache » Cloudstack » Version: 4.6.0

cpe:2.3:a:apache:cloudstack:4.6.0
Apache » Cloudstack » Version: 4.6.1

cpe:2.3:a:apache:cloudstack:4.6.1
Apache » Cloudstack » Version: 4.6.2

cpe:2.3:a:apache:cloudstack:4.6.2
Apache » Cloudstack » Version: 4.6.2.1

cpe:2.3:a:apache:cloudstack:4.6.2.1
Apache » Cloudstack » Version: 4.7.0

cpe:2.3:a:apache:cloudstack:4.7.0
Apache » Cloudstack » Version: 4.7.1

cpe:2.3:a:apache:cloudstack:4.7.1
Apache » Cloudstack » Version: 4.7.1.1

cpe:2.3:a:apache:cloudstack:4.7.1.1
Apache » Cloudstack » Version: 4.8

cpe:2.3:a:apache:cloudstack:4.8
Apache » Cloudstack » Version: 4.8.0

cpe:2.3:a:apache:cloudstack:4.8.0
Apache » Cloudstack » Version: 4.8.0.1

cpe:2.3:a:apache:cloudstack:4.8.0.1
Apache » Cloudstack » Version: 4.8.1

cpe:2.3:a:apache:cloudstack:4.8.1
Apache » Cloudstack » Version: 4.8.1.0

cpe:2.3:a:apache:cloudstack:4.8.1.0
Apache » Cloudstack » Version: 4.9.0

cpe:2.3:a:apache:cloudstack:4.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-6813

Products

Pricing

Contact Us