Access Control Vulnerability in VMware VirtualCenter by VMware
CVE-2008-3514

Currently unrated

Key Information:

Vendor: Vmware
Status: Virtualcenter
Vendor: CVE Published:; 13 August 2008

Summary

VMware VirtualCenter versions prior to Update 2 for 2.5 and Update 5 for 2.0.2 contain an access control vulnerability that relies on client-side functionality for user permission management. This flaw enables remote attackers to uncover valid usernames by manipulating GUI features and attempting to assign permissions, potentially leading to unauthorized actions within the system.

References

http://www.vmware.com/support/vi3/doc/releasenotes_vc202u...

x_refsource_CONFIRM

http://secunia.com/advisories/31468

third-party-advisoryx_refsource_SECUNIA

http://www.vmware.com/security/advisories/VMSA-2008-0012....

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 13, 2008
Vulnerability Reserved
Aug 7, 2008