Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3514

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-3514
Last Modified 16 Mar 2011 12:00:00
Published 13 Aug 2008 08:42:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3514

Summary

VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users."

Vulnerable Systems

Application

  • Vmware Virtualcenter 2.0.2

  • Vmware Virtualcenter 2.5


References

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0012.html

XF - virtualcenter-backend-info-disclosure(44425)

VUPEN - ADV-2008-2363

CONFIRM - http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html

SECTRACK - 1020693

BID - 30664

BUGTRAQ - 20080812 VMSA-2008-0012 Updated VirtualCenter addresses User Account Disclosure Vulnerability

MISC - http://www.insomniasec.com/advisories/ISVA-080812.1.htm

SREASON - 4150

SECUNIA - 31468


Last Updated: 27 May 2016 10:48:12