This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.
A virtualization appliance installed on the remote host is affected
by a cross-site request forgery vulnerability.
The version of VMware vCloud Director installed on the remote host is
5.1.x prior to 5.1.3. It is, therefore, affected by a cross-site
request forgery (XSRF) vulnerability due to an error in HTTP session
management. A remote attacker can exploit this, by convincing a user
to follow specially crafted link, to cause the user to be logged out.
Note that the victimized user would be able to immediately log back
into the system.
See also :
Upgrade to VMware vCloud Director version 5.1.3 or later.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : true
Nessus Plugin ID: 72119 ()
Bugtraq ID: 64993
CVE ID: CVE-2014-1211
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.