Vulnerabilities > Apache > Cloudstack > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-16 CVE-2024-45462 Unspecified vulnerability in Apache Cloudstack
The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service.
local
low complexity
apache
7.1
2024-10-16 CVE-2024-45693 Unspecified vulnerability in Apache Cloudstack
Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests.
network
low complexity
apache
8.8
2024-08-07 CVE-2024-42062 Incorrect Authorization vulnerability in Apache Cloudstack
CloudStack account-users by default use username and password based authentication for API and UI access.
network
low complexity
apache CWE-863
7.2
2024-07-19 CVE-2024-41107 Unspecified vulnerability in Apache Cloudstack
The CloudStack SAML authentication (disabled by default) does not enforce signature check.
network
high complexity
apache
8.1
2022-03-15 CVE-2022-26779 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cloudstack
Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens.
network
high complexity
apache CWE-338
7.5