CVSS2: 5 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |

EPSS: 0.966 High

Percentile: 99.6%
a. Directory traversal in third party Jetty Web server component

VMware vSphere Update Manager is an automated patch management solution for VMware ESX hosts and Microsoft virtual machines. Update Manager embeds the Jetty Web server, which is a third party component. The way the Jetty Web Server in vSphere Update Manager is configured allows for directory traversal. This issue is a variant of the directory traversal issue that was addressed in earlier versions of vSphere Update Manager. See VMSA-2010-0012 for additional information.

VMware would like to thank Alexey Sintsov from Digital Security Research Group for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-4404 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
CPE

Name | Operator | Version |
---|---|---|
update manager | lt | Update 2 |
update manager | lt | Update 4 |