7 High
AI Score
Confidence
Low
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.033 Low
EPSS
Percentile
91.2%
Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows allows remote attackers to perform unauthorized actions as the administrator via URLs, as demonstrated using the setUsr operation to change a password. NOTE: this issue can be leveraged with CVE-2005-3619 to automatically perform the attacks.
CPE | Name | Operator | Version |
---|---|---|---|
vmware:esx | vmware esx | lt | 2.0.2 |
vmware:esx | vmware esx | lt | 2.5.3 |
vmware:esx | vmware esx | lt | 2.1.3 |