CVE-2012-5616

low Apache
CVSS v3 Base Score
1.5
AV:L/AC:M/Au:S/C:P/I:N/A:N
EPSS Score
0.1%
Exploitation probability in 30 days
Top 72% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
M
Confidentiality
P
Integrity
None
Availability
None
Published: January 22, 2013 (4860 days ago)
Last Modified: April 29, 2026
Vendor: Apache
Source: NVD

Description

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.

CWE

CWE-255

Affected Products

apache cloudstackcitrix cloudplatform

References

🔗 mail-archives.apache.org 🔗 osvdb.org 🔗 osvdb.org 🔗 osvdb.org 🔗 seclists.org