VMware vCenter Operations Manager Arbitrary File Upload (VMSA-2012-0013)

Medium Nessus Plugin ID 69101


The remote host has a virtualization appliance installed that is affected by an arbitrary file upload vulnerability.


The version of vCenter Operations Manager installed on the remote host is earlier than 5.0.3. It is, therefore, potentially affected by an arbitrary file upload vulnerability in the Apache Struts component. By exploiting this flaw, a remote, unauthenticated attacker could overwrite arbitrary files on the remote host subject to the privileges of the user running the affected application.


Upgrade to vCenter Operations Manager 5.0.3 or later.

See Also


Plugin Details

Severity: Medium

ID: 69101

File Name: vcenter_operations_manager_vmsa_2012-0013.nasl

Version: $Revision: 1.8 $

Type: local

Family: Misc.

Published: 2013/07/29

Modified: 2016/05/09

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.4

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

Required KB Items: Host/VMware vCenter Operations Manager/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/08/30

Vulnerability Publication Date: 2012/01/03

Reference Information

CVE: CVE-2012-0393

BID: 51257

OSVDB: 78109

VMSA: 2012-0013