PT-2023-6177 · Netapp · Snapcenter Plugin For Vmware Vsphere
Oded Weissman
·
Published
2023-02-28
·
Updated
2023-10-18
·
CVE-2023-27312
CVSS v2.0
5.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
SnapCenter Plugin for VMware vSphere versions 4.6 through 4.8
Description
The issue is related to insufficient access control in the SnapCenter Plugin for VMware vSphere, which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface.
Recommendations
For versions 4.6 through 4.8, update to version 4.9 or later to resolve the issue.
As a temporary workaround, consider restricting access to the email and snapshot name settings within the VMware vSphere user interface until a patch is available.
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Snapcenter Plugin For Vmware Vsphere