5
CVE-2008-3514
- EPSS 1.81%
- Veröffentlicht 13.08.2008 12:42:00
- Zuletzt bearbeitet 16.06.2026 22:55:57
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMware ≫ Virtualcenter Updateupdate_4 Version <= 2.0.2
VMware ≫ Virtualcenter Version2.0.2
VMware ≫ Virtualcenter Version2.0.2 Updateupdate_2
VMware ≫ Virtualcenter Version2.0.2 Updateupdate_3
VMware ≫ Virtualcenter Version2.5
VMware ≫ Virtualcenter Version2.5 Updateupdate_1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.81% | 0.759 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://secunia.com/advisories/31468
http://securityreason.com/securityalert/4150
http://www.insomniasec.com/advisories/ISVA-080812.1.htm
http://www.securityfocus.com/archive/1/495386/100/0/threaded
http://www.securityfocus.com/bid/30664
http://www.securitytracker.com/id?1020693
http://www.vmware.com/security/advisories/VMSA-2008-0012.html
http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html
http://www.vupen.com/english/advisories/2008/2363
https://exchange.xforce.ibmcloud.com/vulnerabilities/44425