CVE-2008-3514

Sažetak

VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users."

Reference

http://secunia.com/advisories/31468
http://securityreason.com/securityalert/4150
http://www.insomniasec.com/advisories/ISVA-080812.1.htm
http://www.securityfocus.com/archive/1/495386/100/0/threaded
http://www.securityfocus.com/bid/30664
http://www.securitytracker.com/id?1020693
http://www.vmware.com/security/advisories/VMSA-2008-0012.html
http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html
http://www.vupen.com/english/advisories/2008/2363
https://exchange.xforce.ibmcloud.com/vulnerabilities/44425

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

11-10-2018 - 20:48

Objavljeno

13-08-2008 - 12:42