CVE-2012-1472
Published 2012-03-13
Priority: P430 | medium | 6.4 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
EPSS: 1.93% (77.5th percentile)
VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not properly handle XML API requests, which allows remote attackers to read arbitrary files or cause a denial of service via unspecified vectors.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | vcenter_chargeback_manager | <= 2.0.0 | — |
| vmware | vcenter_chargeback_manager | — | — |
GHSA
GHSA-c25g-pf3j-289j: VMware vCenter Chargeback Manager (aka CBM) before 2
ghsa_unreviewed·2022-05-17
CVE-2012-1472 [MEDIUM] CWE-20 GHSA-c25g-pf3j-289j: VMware vCenter Chargeback Manager (aka CBM) before 2
VMware
VMware vCenter Chargeback Manager Information Leak and Denial of Service
vendor_vmware·2012-03-08·CVSS 6.4
CVE-2012-1472 [MEDIUM] VMware vCenter Chargeback Manager Information Leak and Denial of Service
VMSA-2012-0002: VMware vCenter Chargeback Manager Information Leak and Denial of Service
The vCenter Chargeback Manager (CBM) contains a flaw in its handling of XML API requests. This vulnerability allows an unauthenticated remote attacker to download files from the CBM server or conduct a denial-of-service against the server.

VMware thanks Joshua Keyes for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1472 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware Product | Product Version | Running on | Replace with/Apply Patch
No detection rules found.
No writeups or analysis indexed.