Description

VMware vCenter Server is an advanced server management software that provides a centralized platform for controlling VMware vSphere environments.

VMware vCenter is vulnerable to an arbitrary file read vulnerability that allows an unauthenticated attacker to abuse vcavbootstrap component of VMware vCenter to read local system files or perform SSRF attack.

Remediation

Upgrade to the latest version of VMware vCenter

References

VMware vCenter earlier versions (7.0.2.00100) has unauthorized arbitrary file read + ssrf + xss vulnerability

Related Vulnerabilities

WordPress Plugin Vitamin Multiple Arbitrary File Disclosure Vulnerabilities (1.0.0)

Webalizer script

WordPress Plugin Direct Download for Woocommerce Arbitrary File Download (1.15)

GraphQL Field Suggestions Enabled

Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.3)

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Information Disclosure SSRF File Inclusion