The vulnerability of the h5-vcav-bootstrap-service software, a management software for virtual infrastructure of VMware vCenter Server, allows an attacker to read local files on the server where the vulnerable software is installed. It also enables the attacker to forge requests on the server side and perform XSS attacks.
The vulnerability of the h5-vcav-bootstrap-service plugin in the virtualization infrastructure management software is related to errors in processing relative pathnames to directories. Exploiting this vulnerability allows a malicious actor to read local files on the server where the vulnerable...