CVE-2017-4919

Опубликовано: 28 июл. 2017

Источник: nvd

CVSS3: 9

CVSS2: 6.8

EPSS Низкий

Описание

VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.

Ссылки

http://www.securityfocus.com/bid/100102
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039004
Third Party Advisory
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2017-0012.html
Mitigation
Vendor Advisory
http://www.securityfocus.com/bid/100102
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039004
Third Party Advisory
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2017-0012.html
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vmware:vcenter_server:5.5:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00915

Низкий

9 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-h7jp-76rq-hgj5