Описание
Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.0 (включая)
Одно из
cpe:2.3:a:vmware:vcenter_server:*:1b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:5.5:3a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:5.5:3b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:5.5:u3c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcloud_automation_identity_appliance:6.2.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vcloud_director:5.5.5:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00438
Низкий
7.6 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
CVSS3: 7.6
github
больше 3 лет назад
Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.
EPSS
Процентиль: 63%
0.00438
Низкий
7.6 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-287