Описание
VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users."
Ссылки
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.2 (включая)
Одно из
cpe:2.3:a:vmware:virtualcenter:*:update_4:*:*:*:*:*:*
cpe:2.3:a:vmware:virtualcenter:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:virtualcenter:2.0.2:update_2:*:*:*:*:*:*
cpe:2.3:a:vmware:virtualcenter:2.0.2:update_3:*:*:*:*:*:*
cpe:2.3:a:vmware:virtualcenter:2.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:virtualcenter:2.5:update_1:*:*:*:*:*:*
EPSS
Процентиль: 64%
0.00475
Низкий
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
почти 4 года назад
VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users."
EPSS
Процентиль: 64%
0.00475
Низкий
5 Medium
CVSS2
Дефекты
CWE-200