PT-2015-4394 · Microsoft · System Center Virtual Machine Manager

Published

2015-02-11

Updated

2018-11-20

CVE-2015-0012

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4

Description The issue allows local users to obtain server and virtual-machine administrative privileges by establishing a server session with Active Directory credentials. This is due to the software not properly validating the roles of users.

Recommendations For Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4, at the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2015-0012

Affected Products

System Center Virtual Machine Manager

PT-2015-4394 · Microsoft · System Center Virtual Machine Manager

CVE-2015-0012

Weakness Enumeration

Related Identifiers

Affected Products

References · 6