CVE-2008-3514

VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users."

Link	Resource
http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html
http://www.securityfocus.com/bid/30664
http://secunia.com/advisories/31468	Vendor Advisory
http://www.vmware.com/security/advisories/VMSA-2008-0012.html	Patch Vendor Advisory
http://www.insomniasec.com/advisories/ISVA-080812.1.htm
http://www.securitytracker.com/id?1020693
http://securityreason.com/securityalert/4150
http://www.vupen.com/english/advisories/2008/2363	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/44425
http://www.securityfocus.com/archive/1/495386/100/0/threaded

Configuration 1

cpe:2.3:a:vmware:virtualcenter:2.0.2:update_2:*:*:*:*:*:* cpe:2.3:a:vmware:virtualcenter:2.0.2:update_3:*:*:*:*:*:* cpe:2.3:a:vmware:virtualcenter:2.5:update_1:*:*:*:*:*:* cpe:2.3:a:vmware:virtualcenter:2.0.2:*:*:*:*:*:*:* cpe:2.3:a:vmware:virtualcenter:*:update_4:*:*:*:*:*:* cpe:2.3:a:vmware:virtualcenter:2.5:*:*:*:*:*:*:*

---

Published : 2008-08-13 12:42

Updated : 2018-10-11 08:48

---

NVD link : CVE-2008-3514

Mitre link : CVE-2008-3514

No products.

CWE-200