Vulnerability Description
VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Virtualcenter | <= 2.0.2 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/31468Vendor Advisory
- http://securityreason.com/securityalert/4150
- http://www.insomniasec.com/advisories/ISVA-080812.1.htm
- http://www.securityfocus.com/archive/1/495386/100/0/threaded
- http://www.securityfocus.com/bid/30664
- http://www.securitytracker.com/id?1020693
- http://www.vmware.com/security/advisories/VMSA-2008-0012.htmlPatchVendor Advisory
- http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html
- http://www.vupen.com/english/advisories/2008/2363Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44425
- http://secunia.com/advisories/31468Vendor Advisory
- http://securityreason.com/securityalert/4150
- http://www.insomniasec.com/advisories/ISVA-080812.1.htm
- http://www.securityfocus.com/archive/1/495386/100/0/threaded
- http://www.securityfocus.com/bid/30664
FAQ
What is CVE-2008-3514?
CVE-2008-3514 is a vulnerability with a CVSS score of 5.0 (MEDIUM). VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user name...
How severe is CVE-2008-3514?
CVE-2008-3514 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3514?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Virtualcenter.