The Apache CloudStack Security Team recommends users of Apache CloudStack versions 4.0.0, 4.0.1, 4.0.2 and 4.1.0 to update their versions to 4.1.1 or higher in order to mitigate this vulnerability.
Read more here – https://issues.apache.org/jira/browse/CLOUDSTACK-2936
Please see the 4.1.1 release notes for further information about how to upgrade:
http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.1.1/html/Release_Notes/index.html