Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-4404: Path Traversal in VMware vCenter Update Manager

5 documents, 5 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 83.3% (top 0.73%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Nov 19; latest update May 17

Description

The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages: 5 packages

Patches

🔴 Vulnerability Details (1)

GHSA: GHSA-2vmm-vm8r-59c6: The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4 (2022-05-17)

💥 Exploits & PoCs (2)

Exploit-DB: VMware - Update Manager Directory Traversal (2011-11-21)
Metasploit: VMware Update Manager 4 Directory Traversal

📋 Vendor Advisories (1)

VMware: VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability (2011-11-17)