Описание
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.
Уязвимые конфигурации
Конфигурация 1Версия от 4.0 (включая) до 5.1.1 (исключая)
Одно из
cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update1e:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.65683
Средний
7.2 High
CVSS3
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 7.2
github
больше 1 года назад
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.
CVSS3: 7.2
fstec
больше 1 года назад
Уязвимость программного обеспечения управления виртуальной инфраструктурой VMware vCenter Server, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный код
EPSS
Процентиль: 98%
0.65683
Средний
7.2 High
CVSS3
Дефекты
CWE-94