Flaw in VMware CloudForms Account Configuration Allows Unauthorized Access
CVE-2017-12191
7.4HIGH
Summary
A security issue exists in VMware CloudForms due to improper account configuration, leading to the use of a shared account with privileged access to VMware Remote Console (VMRC) functions. This flaw may allow unauthorized users to access and modify settings within the VMRC and associated virtual machines, potentially compromising their security.
Affected Version(s)
CloudForms Through 5.9
References
CVSS V3.1
Score:
7.4
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved