Vigil@nce: Vmware VirtualCenter, information divulgation
August 2008 by Vigil@nce
SYNTHESIS
A local attacker can obtain information on other users.
Gravity: 1/4
Consequences: administrator access/rights
Provenance: user account
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 14/08/2008
Identifier: VIGILANCE-VUL-8029
IMPACTED PRODUCTS
– VMware ESX Server [confidential versions]
– VMware ESX Server 3i [confidential versions]
– VMware Server [confidential versions]
DESCRIPTION
Vmware VirtualCenter is a virtual server manager.
An attacker without "modification" permission can retrieve
information of other users.
CHARACTERISTICS
Identifiers: BID-30664, CVE-2008-3514, VIGILANCE-VUL-8029, VMSA-2008-0012