1.5

CVE-2012-5616

EPSS 0.15%
Published 22.01.2013 23:55:02
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.

Affected products Warnungen 0 Metrics 2 CWE 0 References 15

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Cloudstack Version4.0.0 Updateincubating

Citrix ≫ Cloudplatform Version <= 3.0.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.322

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	1.5	2.7	2.9	AV:L/AC:M/Au:S/C:P/I:N/A:N

http://osvdb.org/89070

http://secunia.com/advisories/51366

http://www.securityfocus.com/bid/57225

http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201301.mbox/%3C1BD2169F-BBFE-4E27-B50F-F17D7D08B565%40stratosec.co%3E

http://osvdb.org/89146

http://osvdb.org/89147

http://seclists.org/fulldisclosure/2013/Jan/65

http://secunia.com/advisories/51821

http://secunia.com/advisories/51827

http://support.citrix.com/article/CTX136163

Vendor Advisory

http://www.securityfocus.com/bid/57259

http://www.securitytracker.com/id?1027978

https://nvd.nist.gov/vuln/detail/CVE-2012-5616

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-5616

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-5616

EUVD