7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.094 Low
EPSS
Percentile
94.6%
a. vCenter Server Appliance directory traversal
The vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us.The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6324 to this issue.Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
CPE | Name | Operator | Version |
---|---|---|---|
vcsa | lt | 5.1.0b | |
vcsa | lt | 5.0 Update 2 | |
vcsa | lt | vCSA 5.0 Update 2 | |
esxi | lt | ESXi510-201304101 | |
esxi | lt | ESXi500-201212101 | |
esxi | eq | 4.1 | |
esxi | eq | 4.0 | |
vcenter server | lt | 5.0 Update 2 | |
vcenter server | lt | 4.1 Update 3 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5064
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0830
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1089
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4609
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0864
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3404
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3405
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3406
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3480
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6324
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6325
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6326