HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by leveraging a policy setting for a user's account.
oryginał ENCVSS Vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HEucalyptus
APPEucalyptus3.4.03.4.13.4.23.4.34.0.04.0.14.0.24.1.04.1.14.1.24.2.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Powiązane podatności
CVE-2016-8520HIGH8.8ten sam produkt
HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing version...
CVE-2016-8528HIGH8.8ten sam produkt
A Remote Escalation of Privilege vulnerability in HPE Helion Eucalyptus version 3.3.0 through 4.3.1 was found.
CVE-2013-4767HIGH10.0ten sam produkt
Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impact and attack vectors.
CVE-2012-3240HIGH7.5ten sam produkt
The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows remote attackers to gain administrator pr...
CVE-2012-3241HIGH7.5ten sam produkt
The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, whi...