CVE-2008-3514

VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users."

Published: Aug 13, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-3514
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
vmware / virtualcenter	2.0.2-update_2	2.0.2-update_2.x
vmware / virtualcenter	2.0.2-update_3	2.0.2-update_3.x
vmware / virtualcenter	2.5-update_1	2.5-update_1.x
vmware / virtualcenter	2.0.2	2.0.2.x
vmware / virtualcenter	-	2.0.2.x
vmware / virtualcenter	2.5	2.5.x

http://secunia.com/advisories/31468
http://securityreason.com/securityalert/4150
http://www.insomniasec.com/advisories/ISVA-080812.1.htm
http://www.securityfocus.com/archive/1/495386/100/0/threaded
http://www.securityfocus.com/bid/30664
http://www.securitytracker.com/id?1020693
http://www.vmware.com/security/advisories/VMSA-2008-0012.html
http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html
http://www.vupen.com/english/advisories/2008/2363
https://exchange.xforce.ibmcloud.com/vulnerabilities/44425

Vulnerability Database

289,697

CVE-2008-3514