Описание
Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.0 (включая)
Одно из
cpe:2.3:a:vmware:vcenter_server:*:update_2_rc:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:4.0.0.10021:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:4.0.0.12305:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:4.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:4.1.0.12319:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:4.1.0.14766:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:4.1.0.17435:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:5.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:5.0:update_1:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.00504
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors.
EPSS
Процентиль: 66%
0.00504
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-264