4
CVE-2012-1513
- EPSS 1.21%
- Veröffentlicht 16.03.2012 20:55:01
- Zuletzt bearbeitet 16.06.2026 23:39:39
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMware ≫ Vcenter Orchestrator Version4.0
VMware ≫ Vcenter Orchestrator Version4.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.21% | 0.644 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://www.vmware.com/security/advisories/VMSA-2012-0005.html
http://www.securityfocus.com/bid/52525
http://osvdb.org/80120
http://secunia.com/advisories/48408
http://www.securitytracker.com/id?1026816
https://exchange.xforce.ibmcloud.com/vulnerabilities/74091