eucalyptus 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには パス処理の欠陥、vendor risk cross-site scripting, and vendor risk input validation があり、vendor surface software deployment and vendor surface production workloads の利用場面で ファイル上書き、vendor impact unexpected behavior, and vendor impact session compromise などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2014-5039 | Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | [email protected] | 9.6 | 0.59% | 2020-01-31 | 2024-11-21 |
| CVE-2013-4770 | Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | [email protected] | 6.1 | 0.22% | 2020-01-27 | 2024-11-21 |
| CVE-2016-8528 | A Remote Escalation of Privilege vulnerability in HPE Helion Eucalyptus version 3.3.0 through 4.3.1 was found. | [email protected] | 8.8 | 2.30% | 2018-02-15 | 2024-11-21 |
| CVE-2016-8520 | HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned objects and ACLs. In some cases, authenticated users with S3 permissions could also access versioned data. | [email protected] | 8.8 | 0.48% | 2018-02-15 | 2024-11-21 |
| CVE-2017-7999 | Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial of service (E2 service outage) via unspecified vectors. | [email protected] | 6.5 | 0.48% | 2017-06-01 | 2026-05-13 |
| CVE-2015-6861 | HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by leveraging a policy setting for a user's account. | [email protected] | 7.5 | 0.39% | 2016-01-05 | 2026-05-06 |
| CVE-2014-5040 | HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key credentials by leveraging knowledge of a key ID or (2) signing certificates by leveraging knowledge of a certificate ID. | [email protected] | 6.8 | 0.09% | 2016-01-05 | 2026-05-06 |
| CVE-2013-4769 | The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled setting is used, allows remote attackers to cause a denial of service (traffic amplification) via spoofed DNS queries. | [email protected] | 4.3 | 0.44% | 2014-12-26 | 2026-05-06 |
| CVE-2014-5038 | Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or lower, logs user and system passwords, which allows local users to obtain sensitive information by reading the cloud log files. | [email protected] | 2.1 | 0.06% | 2014-11-07 | 2026-05-06 |
| CVE-2014-5037 | Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by reading cloud-requests.log. | [email protected] | 2.1 | 0.06% | 2014-11-07 | 2026-05-06 |
| CVE-2014-5036 | The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive information by reading the logs. | [email protected] | 1.9 | 0.06% | 2014-09-05 | 2026-05-06 |
| CVE-2013-4768 | The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and (1) Cloud Controller (CLC), (2) Walrus, (3) Storage Controller (SC), and (4) VMware Broker (VB). | [email protected] | 5.0 | 0.44% | 2014-04-16 | 2026-05-06 |
| CVE-2013-4767 | Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impact and attack vectors. | [email protected] | 10.0 | 0.50% | 2013-10-10 | 2026-04-29 |
| CVE-2013-4766 | The gather log service in Eucalyptus before 3.3.1 allows remote attackers to read log files via an unspecified request to the (1) Cluster Controller (CC) or (2) Node Controller (NC) component. | [email protected] | 4.3 | 0.25% | 2013-09-17 | 2026-04-29 |
| CVE-2013-2297 | Eucalyptus EuStore sets a blank root password in the default configuration of EMI 3868652036, EMI 0400376721, EMI 2425352071, and EMI 1347115203, which allows local users to gain privileges via unspecified vectors, a related issue to CVE-2013-2069. | [email protected] | 6.9 | 0.04% | 2013-09-17 | 2026-04-29 |
| CVE-2013-2296 | Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations, which allows remote authenticated users to bypass intended restrictions on (1) modifying the logging setting, (2) modifying the versioning setting, or (3) accessing activity logs via a request. | [email protected] | 5.5 | 0.13% | 2013-09-17 | 2026-04-29 |
| CVE-2012-4067 | Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service (memory, thread, and CPU consumption) via a crafted XML message containing a DTD, as demonstrated by a bucket-logging request. | [email protected] | 4.3 | 0.39% | 2013-09-17 | 2026-04-29 |
| CVE-2012-4066 | The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots. | [email protected] | 5.0 | 0.20% | 2013-03-08 | 2026-04-29 |
| CVE-2012-4065 | Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspecified authorization checks and obtain direct access to a (1) Cloud Controller or (2) Walrus service via a crafted message, as demonstrated by changes to a volume, snapshot, or cloud configuration setting. | [email protected] | 3.5 | 0.14% | 2012-10-01 | 2026-04-29 |
| CVE-2012-4064 | Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud Controller or (2) Walrus with the internal message format and a modified user id. | [email protected] | 6.5 | 0.36% | 2012-10-01 | 2026-04-29 |