CPE Details
VMware vCenter Server 4.1 update 2
4.1
2013-02-25
14h38 +00:00
14h38 +00:00
2013-03-07
17h44 +00:00
17h44 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:vmware:vcenter_server:4.1:update_2:*:*:*:*:*:*
Informations
Vendor
vmwareProduct
vcenter_serverVersion
4.1Update
update_2Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. | 4.3 |
Moyen |
||
| vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. | 9.8 |
Critique |
||
| The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd). | 7.5 |
Haute |
||
| The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. | 9.8 |
Critique |
||
| The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption. | 9.8 |
Critique |
||
| The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server. | 9.8 |
Critique |
||
| The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server. | 9.8 |
Critique |
||
| The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server. | 9.1 |
Critique |
||
| Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors. | 6.8 |
|||
| VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large log entries. | 7.8 |
|||
| The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file. | 2.1 |
2025©
tesweb SA
