CVE-2012-4501 Information

Description

Citrix Cloud.com CloudStack and Apache CloudStack pre-release allows remote attackers to make arbitrary API calls by leveraging the system user account as demonstrated by API calls to delete VMs.

Reference

http://archives.neohapsis.com/archives/bugtraq/2012-10/0062.html http://cloudstack.org/blog/185-cloudstack-configuration-vulnerability-discovered.html http://markmail.org/thread/yfuxgymdqwg3kcg4