Lucene search

[email protected]CVE-2015-4057

HistoryFeb 21, 2017 - 7:59 p.m.

CVE-2015-4057

2017-02-2119:59:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2015-4057

vce vision

vmware vcenter

cleartext http response

remote attackers

network sniffing

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.6%

JSON

The “Plug-in for VMware vCenter” in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network.

CPENameOperatorVersion
dell:vce_vision_intelligent_operationsdell vce vision intelligent operationsle2.6.4

CPE	Name	Operator	Version
dell:vce_vision_intelligent_operations	dell vce vision intelligent operations	le	2.6.4

References

seclists.org/bugtraq/2015/Jun/91

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.6%

JSON

Related for CVE-2015-4057

prion1 cvelist1 securityvulns2