Apache · Apache Cloudstack · CVE-2013-2758
**Name of the Vulnerable Software and Affected Versions**
Apache CloudStack versions 4.0.0 through 4.0.2
Citrix CloudPlatform (formerly Citrix CloudStack) versions 3.0.x through 3.0.6
**Description**
The issue makes it easier for remote attackers to guess the console access URL via a brute force attack because it uses a hash of a predictable sequence.
**Recommendations**
For Apache CloudStack versions 4.0.0 through 4.0.2, update to version 4.0.2 or later.
For Citrix CloudPlatform (formerly Citrix CloudStack) versions 3.0.x through 3.0.6, apply Patch C.