5
CVE-2008-3514
- EPSS 0.48%
- Published 13.08.2008 12:42:00
- Last modified 09.04.2025 00:30:58
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users."
Data is provided by the National Vulnerability Database (NVD)
VMware ≫ Virtualcenter Updateupdate_4 Version <= 2.0.2
VMware ≫ Virtualcenter Version2.0.2
VMware ≫ Virtualcenter Version2.0.2 Updateupdate_2
VMware ≫ Virtualcenter Version2.0.2 Updateupdate_3
VMware ≫ Virtualcenter Version2.5
VMware ≫ Virtualcenter Version2.5 Updateupdate_1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.48% | 0.619 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.