ID UB:CVE-2012-3241Type ubuntucveReporter ubuntu.comModified 2012-07-17T00:00:00
Description
The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not
properly authenticate SOAP requests, which allows remote attackers to
execute arbitrary VMware Broker API commands.
Notes
Author| Notesbeattie | based on code inspection, it does not look like we ship the VMWare Broker in our eucalyptus packages
{"id": "UB:CVE-2012-3241", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2012-3241", "description": "The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not\nproperly authenticate SOAP requests, which allows remote attackers to\nexecute arbitrary VMware Broker API commands.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | based on code inspection, it does not look like we ship the VMWare Broker in our eucalyptus packages\n", "published": "2012-07-17T00:00:00", "modified": "2012-07-17T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2012-3241", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3241", "http://www.eucalyptus.com/eucalyptus-cloud/security/esa-04", "http://secunia.com/advisories/49916", "http://secunia.com/advisories/49912", "https://nvd.nist.gov/vuln/detail/CVE-2012-3241", "https://launchpad.net/bugs/cve/CVE-2012-3241", "https://security-tracker.debian.org/tracker/CVE-2012-3241"], "cvelist": ["CVE-2012-3241"], "immutableFields": [], "lastseen": "2021-11-22T21:55:12", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-3241"]}], "rev": 4}, "score": {"value": 6.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2012-3241"]}]}, "exploitation": null, "vulnersScore": 6.2}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "eucalyptus"}], "bugs": [], "_state": {"dependencies": 1645932263}}
{"cve": [{"lastseen": "2022-03-23T12:33:25", "description": "The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows remote attackers to execute arbitrary VMware Broker API commands.", "cvss3": {}, "published": "2012-07-17T21:55:00", "type": "cve", "title": "CVE-2012-3241", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3241"], "modified": "2012-07-18T04:00:00", "cpe": ["cpe:/a:eucalyptus:eucalyptus:2.0.3", "cpe:/a:eucalyptus:eucalyptus:3.0.1"], "id": "CVE-2012-3241", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3241", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:eucalyptus:eucalyptus:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:eucalyptus:eucalyptus:3.0.1:*:*:*:*:*:*:*"]}]}
