Detections
Analytics
VMware vCenter Operations Manager Arbitrary File Upload (VMSA-2012-0013)
medium Nessus Plugin ID 69101
Language:
Synopsis
The remote host has a virtualization appliance installed that is affected by an arbitrary file upload vulnerability.Description
The version of vCenter Operations Manager installed on the remote host is earlier than 5.0.3. It is, therefore, potentially affected by an arbitrary file upload vulnerability in the Apache Struts component. By exploiting this flaw, a remote, unauthenticated attacker could overwrite arbitrary files on the remote host subject to the privileges of the user running the affected application.Solution
Upgrade to vCenter Operations Manager 5.0.3 or later.See Also
http://www.vmware.com/security/advisories/VMSA-2012-0013.html
Plugin Details
Severity: Medium
ID: 69101
File Name: vcenter_operations_manager_vmsa_2012-0013.nasl
Version: 1.9
Type: local
Family: Misc.
Published: 7/29/2013
Updated: 8/6/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 6.4
Temporal Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P
Vulnerability Information
Required KB Items: Host/VMware vCenter Operations Manager/Version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/30/2012
Vulnerability Publication Date: 1/3/2012
Reference Information
CVE: CVE-2012-0393
BID: 51257
VMSA: 2012-0013