
VMware vCenter Server Appliance Directory Traversal Vulnerability

Last Update Date: 24 Dec 2012 11:11 Release Date: 24 Dec 2012

RISK: Medium Risk

TYPE: Operating Systems - VM Ware


Two vulnerabilities have been identified in VMware vCenter Server Appliance, which can be exploited by a remote authenticated user to view files on the target system.

  1. A remote authenticated user can supply a specially crafted request to retrieve arbitrary files from the target system.
  2. A remote authenticated user can supply a specially crafted request to exploit an XML parsing flaw to retrieve arbitrary files from the target system.

Impact

  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • vCenter Server Appliance 5.1 prior to vCSA 5.1.0b 
  • vCenter Server Appliance 5.0 prior to vCSA 5.0 Update 2

Solutions

Before installing the software, please visit the software manufacturer's website for more details.


Vulnerability Identifier


Source


Related Link