VMware: VMSA-2011-0005.3
History: Mar 14, 2011 - 12:00 a.m.

VMware vCenter Orchestrator and Alive Enterprise remote code execution vulnerability

2011-03-14 00:00:00
www.vmware.com

CVSS2: 5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS: 0.062 Low
Percentile: 93.4%

a. Vulnerability in third-party Apache Struts component

VMware vCenter Orchestrator is an application to automate management tasks. Alive Enterprise is an application to monitor processes. Both products embed Apache Struts, which is a third-party component.

The following vulnerability has been reported in Apache Struts 2.0.11 or earlier. A remote code execution vulnerability could allow malicious users to bypass the ‘#’-usage protection built into the ParametersInterceptor, which could allow server-side context objects to be manipulated.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1870 to this vulnerability.

VMware would like to thank the Vulnerability Research Team of Digital Defense, Inc. for reporting this issue to us.

Apache Struts version 2.0.11 and earlier also contain vulnerabilities which have not been assigned CVE names. This advisory also addresses these vulnerabilities described at the following URLs:
