CVE-2014-3796 — Improper Input Validation in Vmware NSX

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 34.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware NSX Vmware Vcloud Networking AND Security

Timeline

PublishedSep 15

Latest updateMay 17

Description

VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDvmware/vcloud_networking_and_security11 versions+10

▶NVDvmware/nsx6 versions+5

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-vj9r-p3wm-qv47: VMware NSX 6↗2022-05-17

▶

CVEList

CVE-2014-3796: VMware NSX 6↗2014-09-15

▶