Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cloudstack | Apache | - | - |
Cloudstack | Citrix | - | - |