CVE-2015-3251

Name of the Vulnerable Software and Affected Versions Apache CloudStack versions prior to 4.5.2

Description The issue allows remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines. This is related to API calls, but the specific vectors are not specified.

Recommendations For versions prior to 4.5.2, update to version 4.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to API calls that handle sensitive password information until a patch is applied.