Remote Code Execution in VMware Hyperic HQ by Groovy Script Console
CVE-2013-6366

Currently unrated

Key Information:

Vendor
Vmware
Vendor
CVE Published:
4 November 2013

Summary

The Groovy script console present in VMware Hyperic HQ version 4.6.6 contains a vulnerability that enables remote authenticated administrators to execute arbitrary code on the server. This flaw arises from improper handling of commands executed through the Runtime.getRuntime().exec call. An attacker with administrative access can leverage this vulnerability to run malicious scripts, potentially compromising the integrity and availability of the server.

References

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.