CVE-2008-3514

Currently unrated

Key Information:

Vendor: Vmware
Status: Virtualcenter
Vendor: CVE Published:; 13 August 2008

Summary

VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users."

References

http://www.vmware.com/support/vi3/doc/releasenotes_vc202u...

x_refsource_CONFIRM

http://secunia.com/advisories/31468

third-party-advisoryx_refsource_SECUNIA

http://www.vmware.com/security/advisories/VMSA-2008-0012....

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 13, 2008
Vulnerability Reserved
Aug 7, 2008