11 matches found
CVE-2015-4057
The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network...
CVE-2015-4056
The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access...
Design/Logic Flaw
The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access...
Design/Logic Flaw
The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network...
CVE-2015-4056
The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access...
CVE-2015-4056
CVE-2015-4056 affects VCE Vision Intelligent Operations prior to 2.6.5, where the System Library uses a weak cryptographic scheme that can allow an authenticated administrator to access sensitive credentials. The issue is documented across multiple sources (NVD, CVE list, and Vulners security adv...
CVE-2015-4057
CVE-2015-4057 affects VCE Vision Intelligent Operations prior to 2.6.5. The Plug-in for VMware vCenter exposes the admin password by returning a cleartext HTTP response when the Settings screen is requested, enabling network sniffing attacks to reveal credentials. The underlying issue is cleartex...
CVE-2015-4057
The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network...
VCE Vision Intelligent Operations Information Disclosure Vulnerability (CNVD-2015-03962)
VCE Vision Intelligent Operations is a suite of data center software from VCE that supports data centers across multiple systems. The software provides converged infrastructure management, system health checks, and more. A local security vulnerability exists in VCE Vision Intelligent Operations. ...
VCE Vision Intelligent Operations weak cryptography
Weak cyphers usage, sensitive information transmitted in cleartext...
VCE3570: VCE Vision(TM) Intelligent Operations Cryptographic and Cleartext Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VCE3570: VCE VisionTM Intelligent Operations Cryptographic and Cleartext Vulnerabilities CVE Identifier: CVE-2015-4056, CVE-2015-4057 Severity Rating: CVSSv2 Base Score: See below for individual scores for each CVE Affected products: VCE Vision...