Apache · Apache Cloudstack · CVE-2014-9593
**Name of the Vulnerable Software and Affected Versions**
Apache CloudStack versions prior to 4.3.2
Apache CloudStack versions 4.4.x prior to 4.4.2
**Description**
The issue allows remote attackers to obtain private keys. This can be achieved via a "listSslCerts API" call, which is used to list SSL certificates.
**Recommendations**
For versions prior to 4.3.2, update to version 4.3.2 or later.
For versions 4.4.x prior to 4.4.2, update to version 4.4.2 or later.