CVE-2009-0518

2009-04-0615:30:04

CWE-200

[email protected]

web.nvd.nist.gov

cve-2009-0518

vi client

vmware

virtualcenter

esxi 3.5

security vulnerability

password retention

local users

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password.

Affected configurations

NVD

Node

vmwarevmware_esxMatch3.5

vmwarevmware_esxiMatch3.5

vmwarevmware_virtualcenterMatch1.1

vmwarevmware_virtualcenterMatch1.2

vmwarevmware_virtualcenterMatch1.3

vmwarevmware_virtualcenterMatch1.3.1

vmwarevmware_virtualcenterMatch1.4

vmwarevmware_virtualcenterMatch1.4.1

CPENameOperatorVersion
vmware:vmware_esxvmware vmware esxeq3.5
vmware:vmware_esxivmware vmware esxieq3.5
vmware:vmware_virtualcentervmware vmware virtualcentereq1.1
vmware:vmware_virtualcentervmware vmware virtualcentereq1.2
vmware:vmware_virtualcentervmware vmware virtualcentereq1.3
vmware:vmware_virtualcentervmware vmware virtualcentereq1.3.1
vmware:vmware_virtualcentervmware vmware virtualcentereq1.4
vmware:vmware_virtualcentervmware vmware virtualcentereq1.4.1

CPE	Name	Operator	Version
vmware:vmware_esx	vmware vmware esx	eq	3.5
vmware:vmware_esxi	vmware vmware esxi	eq	3.5
vmware:vmware_virtualcenter	vmware vmware virtualcenter	eq	1.1
vmware:vmware_virtualcenter	vmware vmware virtualcenter	eq	1.2
vmware:vmware_virtualcenter	vmware vmware virtualcenter	eq	1.3
vmware:vmware_virtualcenter	vmware vmware virtualcenter	eq	1.3.1
vmware:vmware_virtualcenter	vmware vmware virtualcenter	eq	1.4
vmware:vmware_virtualcenter	vmware vmware virtualcenter	eq	1.4.1