WEB APPLICATION VULNERABILITIES Standard & Premium

Unauthenticated Arbitrary File Read vulnerability in VMware vCenter

Description

VMware vCenter Server is an advanced server management software that provides a centralized platform for controlling VMware vSphere environments.

VMware vCenter (versions before 6.5u1) is vulnerable to an arbitrary file read vulnerability that allows an unauthenticated attacker to abuse VMware vCenter to read local system files.

Remediation

Upgrade to the latest version of VMware vCenter (this issue was fixed in version 6.5u1).

References

Unauthenticated Arbitrary File Read vulnerability in VMware vCenter

Related Vulnerabilities

WordPress Plugin Theme Tuner 'tt-abspath' Parameter Remote File Include (0.7)

WordPress 6.5.x Multiple Vulnerabilities (6.5 - 6.5.4)

WordPress Plugin Ninja Forms with File Uploads Extension Multiple Vulnerabilities (3.0.22)

WordPress Plugin File Manager Advanced Shortcode Directory Traversal (2.4)

WordPress Plugin Zedna eBook download Directory Traversal (1.1)

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

File Inclusion