Information Disclosure in VMware vCenter Orchestrator Web Configuration Tool
CVE-2012-1513

Currently unrated

Key Information:

Vendor: Vmware
Status: Vcenter Orchestrator
Vendor: CVE Published:; 16 March 2012

Summary

The Web Configuration tool in VMware vCenter Orchestrator allows remote authenticated administrators to access sensitive information by placing vCenter Server passwords within an HTML document. This exposure can lead to unauthorized access and potential misuse of sensitive data. Organizations utilizing affected versions should apply necessary updates to mitigate this information disclosure risk.

References

http://www.securityfocus.com/bid/52525

vdb-entryx_refsource_BID

http://secunia.com/advisories/48408

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/80120

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Mar 16, 2012
Vulnerability Reserved
Mar 8, 2012