CVE-2008-3514
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users."
VirtualCenter de VMware versión 2.5 anterior a Update 2 y versión 2.0.2 anterior a Update 5, se basa en la función "enabled/disabled functionality" para el control de acceso, lo que permite a los atacantes remotos determinar nombres de usuario comprobados mediante la habilitación de la funcionalidad en la GUI y luego haciendo un "attempt to assign permissions to other system users".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-08-07 CVE Reserved
- 2008-08-13 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-02 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/4150 | Third Party Advisory | |
| http://www.insomniasec.com/advisories/ISVA-080812.1.htm | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/495386/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/30664 | Vdb Entry | |
| http://www.securitytracker.com/id?1020693 | Vdb Entry | |
| http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html | X_refsource_confirm | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44425 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.vmware.com/security/advisories/VMSA-2008-0012.html | 2018-10-11 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/31468 | 2018-10-11 | |
| http://www.vupen.com/english/advisories/2008/2363 | 2018-10-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vmware Search vendor "Vmware" | Virtualcenter Search vendor "Vmware" for product "Virtualcenter" | <= 2.0.2 Search vendor "Vmware" for product "Virtualcenter" and version " <= 2.0.2" | update_4 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Virtualcenter Search vendor "Vmware" for product "Virtualcenter" | 2.0.2 Search vendor "Vmware" for product "Virtualcenter" and version "2.0.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Virtualcenter Search vendor "Vmware" for product "Virtualcenter" | 2.0.2 Search vendor "Vmware" for product "Virtualcenter" and version "2.0.2" | update_2 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Virtualcenter Search vendor "Vmware" for product "Virtualcenter" | 2.0.2 Search vendor "Vmware" for product "Virtualcenter" and version "2.0.2" | update_3 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Virtualcenter Search vendor "Vmware" for product "Virtualcenter" | 2.5 Search vendor "Vmware" for product "Virtualcenter" and version "2.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Virtualcenter Search vendor "Vmware" for product "Virtualcenter" | 2.5 Search vendor "Vmware" for product "Virtualcenter" and version "2.5" | update_1 |
Affected
| ||||||