4
CVE-2006-5990
- EPSS 0.89%
- Veröffentlicht 21.11.2006 01:07:00
- Zuletzt bearbeitet 16.06.2026 22:32:16
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMware ≫ Virtualcenter Version1.4.1
VMware ≫ Virtualcenter Version2.0.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.89% | 0.545 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4 | 4.9 | 4.9 |
AV:N/AC:H/Au:N/C:N/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://kb.vmware.com/kb/4646606
http://secunia.com/advisories/23053
http://securitytracker.com/id?1017270
http://www.securityfocus.com/archive/1/452275/100/0/threaded
http://www.securityfocus.com/bid/21231
http://www.vmware.com/download/vi/vc-201-200611-patch.html
http://www.vupen.com/english/advisories/2006/4655
https://exchange.xforce.ibmcloud.com/vulnerabilities/30477