Path Traversal in Vmware Vcenter

CVE-2011-0426

Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (32.1th percentile) — read the EPSS interpretation.

Affected products

Vmware Vcenter — versions 4.0, 4.1
Vmware Virtualcenter — versions 2.5
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

[security-announce] 20110505 VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities (Vendor Advisory, mailing-list, x_refsource_MLIST)
1025502 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)