|
|
|
|
| |
Credit:
The information has been provided by Edward Torkington, Claudio Criscione, Alexey Sintsov, Frans Pehrson.
The original article can be found at: http://www.securityfocus.com/bid/52525
|
| |
Vulnerable Systems:
* VMWare vSphere 5.0
* VMWare vSphere 4.1
* VMWare vShield Manager 4.1 for Linux
* VMWare vShield Manager 4.0 for Linux
* VMWare vCenter Orchestrator 4.2 for Windows
* VMWare vCenter Orchestrator 4.1 for Windows
* VMWare vCenter Orchestrator 4.0 for Windows
Immune Systems:
* VMWare vSphere 5.0 Update 1
* VMWare vSphere 4.1 Update 2
* VMWare vShield Manager 4.1.0 Update 2 for Linux
* VMWare vShield Manager 1.0.1 Update 2 for Linux
* VMWare vCenter Orchestrator 4.2 Update 1 for Windows
* VMWare vCenter Orchestrator 4.1 Update 2 for Windows
* VMWare vCenter Orchestrator 4.0 Update 4 for Windows
An attacker can exploit these issues to steal cookie-based authentication credentials, perform unauthorized actions in the context of a user's session, or disclose sensitive-information.
Vendor Status:
VMware had issued an update for this vulnerability
Patch Availability:
http://www.vmware.com/security/advisories/VMSA-2012-0005.html
CVE Information:
CVE-2012-1512
CVE-2012-1513
CVE-2012-1514
Disclosure Timeline:
Issue date: 2012-03-15
Updated on: 2012-03-15 (initial advisory)
|
|
|
|
|
