CVE-2012-4501

Name of the Vulnerable Software and Affected Versions Citrix Cloud.com CloudStack, and Apache CloudStack pre-release

Description The issue allows remote attackers to make arbitrary API calls by leveraging the system user account. This can be demonstrated by API calls to delete VMs.

Recommendations For Citrix Cloud.com CloudStack and Apache CloudStack pre-release, consider restricting access to the system user account to minimize the risk of exploitation. As a temporary workaround, limit the ability to make arbitrary API calls until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.