PT-2017-16209 · Vmware · Vmware Vcenter Server+1

Published

2017-09-15

Updated

2017-09-21

CVE-2017-4926

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions VMware vCenter Server versions 6.5 prior to 6.5 U1

Description The issue allows for stored cross-site scripting (XSS), which can be exploited by an attacker with VC user privileges to inject malicious java-scripts. These scripts will be executed when other VC users access the page.

Recommendations For versions 6.5 prior to 6.5 U1, update to version 6.5 U1 or later to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-4926

Affected Products

Vmware Vcenter

Vmware Vcenter Server

PT-2017-16209 · Vmware · Vmware Vcenter Server+1

CVE-2017-4926

Weakness Enumeration

Related Identifiers

Affected Products

References · 5