Remote Code Execution in VMware Hyperic HQ by Groovy Script Console
CVE-2013-6366

Currently unrated

Key Information:

Vendor: Vmware
Status: Hyperic Hq
Vendor: CVE Published:; 4 November 2013

Summary

The Groovy script console present in VMware Hyperic HQ version 4.6.6 contains a vulnerability that enables remote authenticated administrators to execute arbitrary code on the server. This flaw arises from improper handling of commands executed through the Runtime.getRuntime().exec call. An attacker with administrative access can leverage this vulnerability to run malicious scripts, potentially compromising the integrity and availability of the server.

References

http://www.exploit-db.com/exploits/28962/

exploitx_refsource_EXPLOIT-DB

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 4, 2013