CVE-2008-3514 — Sensitive Information Exposure in Vmware Virtualcenter

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 35.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Virtualcenter

Timeline

PublishedAug 13

Latest updateMay 2

Description

VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users."

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDvmware/virtualcenter2.0.2+2

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-2rrj-r6g7-f5gj: VMware VirtualCenter 2↗2022-05-02

▶

CVEList

CVE-2008-3514: VMware VirtualCenter 2↗2008-08-13

▶