VMware vCenter Chargeback Manager Information Leak and Denial of Service

2012-03-08T00:00:00
ID VMSA-2012-0002
Type vmware
Reporter VMware
Modified 2012-03-08T00:00:00

Description

The vCenter Chargeback Manager (CBM) contains a flaw in its handling of XML API requests. This vulnerability allows an unauthenticated remote attacker to download files from the CBM server or conduct a denial-of-service against the server. VMware thanks Joshua Keyes for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1472 to this issue.
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.