Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks by leveraging improper data validation.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache VCL 权限许可和访问控制漏洞
Vulnerability Description
Apache VCL是美国阿帕奇软件基金会(Apache)的一个免费、开源的云计算平台,可以为最终用户提供专用的计算环境。 Apache VCL 2.3.2之前的2.3.x版本、2.2.2之前的2.2.x版本和2.1版本中的Web GUI和XMLRPC API存在权限许可和访问控制漏洞。远程攻击者可利用该漏洞获取权限,造成拒绝服务或实施跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A