exploitDog

CVE-2014-1210

Опубликовано: 11 апр. 2014

Источник: nvd

CVSS2: 5.8

EPSS Низкий

Описание

VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

Ссылки

http://www.vmware.com/security/advisories/VMSA-2014-0003.html
Vendor Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0003.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vmware:vsphere_client:5.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_client:5.1:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.00181

Низкий

5.8 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

GHSA-7rj8-xh5v-9hqg

github

больше 3 лет назад

VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

EPSS

Процентиль: 40%

0.00181

Низкий

5.8 Medium

CVSS2

Дефекты

CWE-310