Name of the Vulnerable Software and Affected Versions VMware vCenter Server (affected versions not specified)

Description The issue is related to errors in processing relative directory paths in the h5-vcav-bootstrap-service plugin of VMware vCenter Server. This can be exploited by a remote attacker to read local files on the server where the vulnerable software is installed. Additionally, it may allow for server-side request forgery and XSS attacks by sending a specially crafted GET request.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.