Auth bypass in Vmware Esx

CVE-2013-1405

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 throu…

Vulnerability class: Broken Authentication

EPSS: 0.009 (76.1th percentile) — read the EPSS interpretation.

Affected products

Vmware Esx — versions 3.5, 4.0, 4.1
Vmware Esxi — versions 3.5, 4.0, 4.1
Vmware Vcenter_server — versions 4.0, 4.1
Vmware Vi-client — versions 2.5
Vmware Virtualcenter — versions 2.5
Vmware Vsphere_client — versions 4.0, 4.1
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)