Vulnerabilities > Apache > Cloudstack > 4.19.0.2

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-11-12 | CVE-2024-50386 | Unspecified vulnerability in Apache Cloudstack | Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. | network, low complexity, apache, critical, 9.9 |
| 2024-10-16 | CVE-2024-45461 | Missing Authorization vulnerability in Apache Cloudstack | The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. | network, low complexity, apache, CWE-862, 6.3 |
| 2024-10-16 | CVE-2024-45462 | Unspecified vulnerability in Apache Cloudstack | The logout operation in the CloudStack web interface does not expire the user session completely, which is valid until expiry by time or restart of the backend service. | local, low complexity, apache, 7.1 |
| 2024-10-16 | CVE-2024-45693 | Unspecified vulnerability in Apache Cloudstack | Users logged into Apache CloudStack's web interface can be tricked into submitting malicious CSRF requests due to missing validation of the origin of the requests. | network, low complexity, apache, 8.8 |
| 2024-08-07 | CVE-2024-42062 | Incorrect Authorization vulnerability in Apache Cloudstack | CloudStack account-users by default use username and password based authentication for API and UI access. | network, low complexity, apache, CWE-863, 7.2 |
| 2024-07-19 | CVE-2024-41107 | Unspecified vulnerability in Apache Cloudstack | The CloudStack SAML authentication (disabled by default) does not enforce signature check. | network, high complexity, apache, 8.1 |