Information disclosure in Vmware Vcenter

CVE-2011-1788

vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors.

Vulnerability class: Information Disclosure

EPSS: 0.001 (18.9th percentile) — read the EPSS interpretation.

Affected products

Vmware Vcenter — versions 4.0, 4.1
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

47742 (vdb-entry, x_refsource_BID)
[security-announce] 20110505 VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities (mailing-list, x_refsource_MLIST)
vcenter-soapid-info-disclosure(67304) (vdb-entry, x_refsource_XF)
72179 (x_refsource_OSVDB, vdb-entry)
1025502 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)