HIGH🇵🇱 Wersja polska

CVE-2015-6861

CVSS 7.5v3.0pub. 2016-01-05upd. 2026-05-06

HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by leveraging a policy setting for a user's account.

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Eucalyptus

    APP
    Eucalyptus
    3.4.03.4.13.4.23.4.34.0.04.0.14.0.24.1.04.1.14.1.24.2.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2016-8520HIGH8.8ten sam produkt

HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing version...

CVE-2016-8528HIGH8.8ten sam produkt

A Remote Escalation of Privilege vulnerability in HPE Helion Eucalyptus version 3.3.0 through 4.3.1 was found.

CVE-2013-4767HIGH10.0ten sam produkt

Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impact and attack vectors.

CVE-2012-3240HIGH7.5ten sam produkt

The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows remote attackers to gain administrator pr...

CVE-2012-3241HIGH7.5ten sam produkt

The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, whi...