VMware vCenter Operations Manager Arbitrary File Upload (VMSA-2012-0013)
Medium Nessus Plugin ID 69101
SynopsisThe remote host has a virtualization appliance installed that is affected by an arbitrary file upload vulnerability.
DescriptionThe version of vCenter Operations Manager installed on the remote host is earlier than 5.0.3. It is, therefore, potentially affected by an arbitrary file upload vulnerability in the Apache Struts component. By exploiting this flaw, a remote, unauthenticated attacker could overwrite arbitrary files on the remote host subject to the privileges of the user running the affected application.
SolutionUpgrade to vCenter Operations Manager 5.0.3 or later.