VMware security updates for vCSA, vCenter Server, and ESXi

2012-12-2000:00:00

www.vmware.com

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.094 Low

EPSS

Percentile

94.6%

JSON

a. vCenter Server Appliance directory traversal

The vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us.The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6324 to this issue.Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

CPENameOperatorVersion
vcsalt5.1.0b
vcsalt5.0 Update 2
vcsaltvCSA 5.0 Update 2
esxiltESXi510-201304101
esxiltESXi500-201212101
esxieq4.1
esxieq4.0
vcenter serverlt5.0 Update 2
vcenter serverlt4.1 Update 3

Name	Operator	Version
vcsa	lt	5.1.0b
vcsa	lt	5.0 Update 2
vcsa	lt	vCSA 5.0 Update 2
esxi	lt	ESXi510-201304101
esxi	lt	ESXi500-201212101
esxi	eq	4.1
esxi	eq	4.0
vcenter server	lt	5.0 Update 2
vcenter server	lt	4.1 Update 3