Sensitive Information Insertion Vulnerability in Cloud Director Object Storage Extension
CVE-2024-22276

5.3MEDIUM

Key Information:

Vendor
N/a
Status
Vmware Cloud Director Object Storage Extension
Vendor
CVE Published:
27 June 2024

Summary

VMware Cloud Director Object Storage Extension contains an Insertion of Sensitive Information vulnerability.

A malicious actor with adjacent access to web/proxy server logging may be able to obtain sensitive information from URLs that are logged.

Affected Version(s)

VMware Cloud Director Object Storage Extension VMware Cloud Director Object Storage Extension 3.0, VMware Cloud Director Object Storage Extension 2.x

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.