CVE-2012-5616
CVE-2012-5616 is a vulnerability of currently unknown severity. Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 store sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API. EPSS estimates a 0.57% chance of exploitation in the next 30 days.
Description
Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 store sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Apache | CloudStack | 4.0.0 | Incubating |
| Citrix | CloudPlatform | <= 3.0.5 | — |
References
- http://support.citrix.com/article/CTX136163 (Vendor Advisory)
Source: NVD / NIST
