CVE-2013-3520
published 2013-06-17

Priority: P2 · 70 · high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 55.64% (98.9th percentile)
VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not properly handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors.

Affected

7 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | vcenter_chargeback_manager | <= 2.5.0 | |
| vmware | vcenter_chargeback_manager | | |
| vmware | vcenter_chargeback_manager | | |
| vmware | vcenter_chargeback_manager | | |
| vmware | vcenter_chargeback_manager | | |
| vmware | vcenter_chargeback_manager | | |
| vmware | vcenter_chargeback_manager | | |

Detection & IOCs (extracted from sources)

url: /cbmui/ImageUploadServlet
url: /cbmui/images/
url: /cbmui/en_US/themes/excel/index.htm
filename: *.jsp (random 8-char alpha name uploaded to /cbmui/images/)
  • Detect unauthenticated multipart POST requests to /cbmui/ImageUploadServlet — no prior authentication is required, making any POST to this endpoint suspicious.
  • Alert on multipart/form-data POST to /cbmui/ImageUploadServlet where the uploaded filename ends in .jsp, indicating attempted JSP webshell placement.
  • Alert on subsequent GET requests to /cbmui/images/*.jsp, which indicates execution of an uploaded JSP payload.
  • Check the response body of the vCenter Chargeback Manager login/index page for the string 'vCenter Chargeback Manager' to confirm that an instance is exposed (the string identifies the product, not its patch level).
  • The exploit requires SSL (HTTPS on port 443); monitor HTTPS traffic to /cbmui/ImageUploadServlet for multipart uploads not associated with authenticated sessions.
  • The Metasploit module targets specifically VMware vCenter Chargeback Manager 2.0.1 on Windows 2003 SP2; exploitation on other versions or OS platforms is not confirmed by the module.
  • The module's target filter restricts to Apache on Win32 servers; non-Windows deployments are excluded from this exploit path.
  • The vulnerability affects VMware vCenter Chargeback Manager versions before 2.5.1; versions 2.5.1 and later are patched.
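
The upload and fetch rules above can be correlated per client in web access logs. The sketch below is an added example, not code from this page or from the Metasploit module; it assumes Apache combined-format logs, correlation by source IP, and a 10-minute window, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Apache/NCSA combined-log prefix: client, timestamp, method, path, status.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
UPLOAD_PATH = "/cbmui/ImageUploadServlet"
JSP_FETCH = re.compile(r"^/cbmui/images/[^/]+\.jsp$", re.IGNORECASE)
WINDOW = timedelta(minutes=10)  # assumed correlation window, tune per site

def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0], int(m["status"])

def detect(lines):
    """Return alerts as (rule, ip, path) tuples, in log order."""
    alerts, last_upload = [], {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip lines that are not in combined format
        ip, ts, method, path, status = rec
        if method == "POST" and path == UPLOAD_PATH:
            last_upload[ip] = ts  # any POST to the servlet is suspicious
            alerts.append(("upload_post", ip, path))
        elif method == "GET" and JSP_FETCH.match(path):
            seen = last_upload.get(ip)
            chained = seen is not None and ts - seen <= WINDOW
            rule = "upload_then_jsp_fetch" if chained and status == 200 else "jsp_fetch"
            alerts.append((rule, ip, path))
    return alerts

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [17/Jun/2013:10:00:01 +0000] "GET /cbmui/en_US/themes/excel/index.htm HTTP/1.1" 200 512',
    '198.51.100.7 - - [17/Jun/2013:10:00:05 +0000] "POST /cbmui/ImageUploadServlet HTTP/1.1" 200 0',
    '198.51.100.7 - - [17/Jun/2013:10:00:09 +0000] "GET /cbmui/images/abcdefgh.jsp HTTP/1.1" 200 87',
    '203.0.113.9 - - [17/Jun/2013:11:30:00 +0000] "GET /cbmui/images/logo.png HTTP/1.1" 200 4096',
    '203.0.113.9 - - [17/Jun/2013:11:31:00 +0000] "GET /cbmui/images/probe.jsp HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Access logs do not record the multipart filename, so the `.jsp` upload-name rule needs body inspection at a WAF or TLS-terminating proxy; this sketch covers only the request-line rules.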

CVSS provenance

nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 6.5 MEDIUM