CVE-2013-5971
VMware Security Advisory 2013-0012
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors.
Vulnerabilidad de fijación de sesión en el vSphere Web Client Server de VMware vCenter Server 5.0 anterior a Update 3 permite a atacantes remotos secuestrar sesiones web y obtener privilegios a través de vectores sin especificar.
VMware has updated vCenter Server, vCenter Server Appliance (vCSA), vSphere Update Manager (VUM), ESXi and ESX to address multiple security vulnerabilities.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-10-01 CVE Reserved
- 2013-10-18 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/98718 | Vdb Entry | |
| http://www.securityfocus.com/bid/63218 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/88134 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.vmware.com/security/advisories/VMSA-2013-0012.html | 2017-08-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | <= 5.0 Search vendor "Vmware" for product "Vcenter Server" and version " <= 5.0" | update_2_rc |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 4.0.0.10021 Search vendor "Vmware" for product "Vcenter Server" and version "4.0.0.10021" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 4.0.0.12305 Search vendor "Vmware" for product "Vcenter Server" and version "4.0.0.12305" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 4.1 Search vendor "Vmware" for product "Vcenter Server" and version "4.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 4.1.0.12319 Search vendor "Vmware" for product "Vcenter Server" and version "4.1.0.12319" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 4.1.0.14766 Search vendor "Vmware" for product "Vcenter Server" and version "4.1.0.14766" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 4.1.0.17435 Search vendor "Vmware" for product "Vcenter Server" and version "4.1.0.17435" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 5.0 Search vendor "Vmware" for product "Vcenter Server" and version "5.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 5.0 Search vendor "Vmware" for product "Vcenter Server" and version "5.0" | update_1 |
Affected
| ||||||