7.6
CVE-2016-2076
- EPSS 0.44%
- Veröffentlicht 15.04.2016 14:59:10
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMware ≫ Vcenter Server Update1b Version <= 6.0
VMware ≫ Vcenter Server Version5.5 Update3a
VMware ≫ Vcenter Server Version5.5 Update3b
VMware ≫ Vcenter Server Version5.5 Updateu3c
VMware ≫ Vcloud Automation Identity Appliance Version6.2.4
VMware ≫ Vcloud Director Version5.5.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.621 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.6 | 2.8 | 4.7 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.