PT-2005-4381 · Vmware · Vmware Esx Server

Publicado

2005-12-31

Atualizado

2018-10-30

CVE-2005-3618

CVSS v2.0

7.6

Alta

Vetor

AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions VMware ESX Server versions 2.0.x through 2.0.1 VMware ESX Server versions 2.1.x through 2.1.2 VMware ESX Server versions 2.x through 2.5.2

Description A cross-site request forgery (CSRF) issue exists in the management interface, allowing remote attackers to perform unauthorized actions as the administrator via URLs. This can be demonstrated using the setUsr operation to change a password.

Recommendations For versions 2.0.x through 2.0.1, update to version 2.0.2 patch 1. For versions 2.1.x through 2.1.2, update to version 2.1.3 patch 1. For versions 2.x through 2.5.2, update to version 2.5.3 patch 2.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2005-3618

Produtos afetados

Vmware Esx Server

PT-2005-4381 · Vmware · Vmware Esx Server

CVE-2005-3618

Identificadores relacionados

Produtos afetados

Referências · 8