PT-2023-6177 · Netapp · Snapcenter Plugin For Vmware Vsphere

Oded Weissman

Publicado

2023-02-28

Atualizado

2023-10-18

CVE-2023-27312

CVSS v2.0

5.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions SnapCenter Plugin for VMware vSphere versions 4.6 through 4.8

Description The issue is related to insufficient access control in the SnapCenter Plugin for VMware vSphere, which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface.

Recommendations For versions 4.6 through 4.8, update to version 4.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the email and snapshot name settings within the VMware vSphere user interface until a patch is available.

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-250CWE-264CWE-269

Identificadores relacionados

BDU:2023-06886

CVE-2023-27312

Produtos afetados

Snapcenter Plugin For Vmware Vsphere

PT-2023-6177 · Netapp · Snapcenter Plugin For Vmware Vsphere

CVE-2023-27312

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9