CVE-2012-1513 — Sensitive Information Exposure in Vmware Vcenter Orchestrator

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.0MEDIUMNVD

EPSS

0.4%

top 40.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Vcenter Orchestrator

Timeline

PublishedMar 16

Latest updateMay 14

Description

The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDvmware/vcenter_orchestrator4.0, 4.1+1

🔴Vulnerability Details

GHSA

GHSA-pv9q-9grm-74mr: The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4↗2022-05-14

▶

CVEList

CVE-2012-1513: The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4↗2012-03-16

▶