CVE-2010-0686

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.5HIGH

EPSS

1.1%

top 22.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware ESX Server Vmware Server Vmware Virtualcenter

Timeline

PublishedApr 1

Latest updateMay 2

Description

WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDvmware/server2.0.0

▶NVDvmware/esx_server3.0.3, 3.5+1

▶NVDvmware/virtualcenter2.0.2, 2.5+1

Patches

Patch: lists.vmware.com ↗Patch: www.securityfocus.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-398r-4xmm-8gch: WebAccess in VMware VirtualCenter 2↗2022-05-02

▶

CVEList

CVE-2010-0686: WebAccess in VMware VirtualCenter 2↗2010-04-01

▶