Description

VMware vCenter Server is an advanced server management software that provides a centralized platform for controlling VMware vSphere environments.

VMware vCenter (versions before 6.5u1) is vulnerable to an arbitrary file read vulnerability that allows an unauthenticated attacker to abuse VMware vCenter to read local system files.

Remediation

Upgrade to the latest version of VMware vCenter (this issue was fixed in version 6.5u1).

References

Unauthenticated Arbitrary File Read vulnerability in VMware vCenter

Related Vulnerabilities

WordPress Plugin Image Export Arbitrary File Download (1.1.0)

WordPress Plugin Advanced Classifieds & Directory Pro Local File Inclusion (3.1.3)

WordPress Plugin Post Recommendations for WordPress 'api.php' Remote File Include (1.1.2)

WordPress Plugin UpdraftPlus WordPress Backup Multiple Vulnerabilities (1.16.58)

WordPress Plugin WP-Lister Lite for eBay Directory Traversal (2.0.20)

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

File Inclusion