Vulnerability Details : CVE-2012-1513
The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2012-1513
Probability of exploitation activity in the next 30 days: 0.19%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 55 %
CVSS scores for CVE-2012-1513
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST |
CWE ids for CVE-2012-1513
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1513
- http://secunia.com/advisories/48408
- http://www.securitytracker.com/id?1026816
  VMware vCenter Orchestrator Discloses Passwords to Remote Authenticated Users - SecurityTracker
- http://www.vmware.com/security/advisories/VMSA-2012-0005.html
  VMSA-2012-0005.4 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74091
  VMware vCenter Orchestrator Configuration tool information disclosure CVE-2012-1513 Vulnerability Report
- http://www.securityfocus.com/bid/52525
  Multiple VMware Products Multiple Input Validation Vulnerabilities
Products affected by CVE-2012-1513
- cpe:2.3:a:vmware:vcenter_orchestrator:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_orchestrator:4.1:*:*:*:*:*:*:*