CVE-2011-1788 - OpenCVE

vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vmware	Vcenter

Configuration 1 [-]

OR	cpe:2.3:a:vmware:vcenter:4.0:::::::*
	cpe:2.3:a:vmware:vcenter:4.0:update_1::::::
	cpe:2.3:a:vmware:vcenter:4.0:update_2::::::
	cpe:2.3:a:vmware:vcenter:4.1:::::::*

No data.

References

Link	Providers
http://lists.vmware.com/pipermail/security-announce/2011/000137.html
http://osvdb.org/72179
http://securitytracker.com/id?1025502
http://www.securityfocus.com/bid/47742
http://www.vmware.com/security/advisories/VMSA-2011-0008.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/67304

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-05-09T22:00:00

Updated: 2024-08-06T22:37:25.887Z

Reserved: 2011-04-19T00:00:00

Link: CVE-2011-1788

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-05-09T22:55:03.177

Modified: 2017-08-17T01:34:22.713

Link: CVE-2011-1788

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-05-05T00:00:00", "descriptions": [{"lang": "en", "value": "vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "47742", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/47742"}, {"name": "[security-announce] 20110505 VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.vmware.com/pipermail/security-announce/2011/000137.html"}, {"name": "vcenter-soapid-info-disclosure(67304)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67304"}, {"name": "72179", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/72179"}, {"name": "1025502", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1025502"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1788", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "47742", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47742"}, {"name": "[security-announce] 20110505 VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2011/000137.html"}, {"name": "vcenter-soapid-info-disclosure(67304)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67304"}, {"name": "72179", "refsource": "OSVDB", "url": "http://osvdb.org/72179"}, {"name": "1025502", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025502"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:37:25.887Z"}, "title": "CVE Program Container", "references": [{"name": "47742", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/47742"}, {"name": "[security-announce] 20110505 VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.vmware.com/pipermail/security-announce/2011/000137.html"}, {"name": "vcenter-soapid-info-disclosure(67304)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67304"}, {"name": "72179", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/72179"}, {"name": "1025502", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1025502"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1788", "datePublished": "2011-05-09T22:00:00", "dateReserved": "2011-04-19T00:00:00", "dateUpdated": "2024-08-06T22:37:25.887Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:vcenter:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "60B31894-78E7-41A6-857C-D7A0C1C52838", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter:4.0:update_1:*:*:*:*:*:*", "matchCriteriaId": "8087D4A0-D416-4746-8EE6-9833C20B7BE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter:4.0:update_2:*:*:*:*:*:*", "matchCriteriaId": "613AC011-EED1-49C2-9A6B-4C3BF0EBE8EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "15C55340-9A59-4FD6-A6BD-1F68E8FE9692", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors."}, {"lang": "es", "value": "vCenter Server en VMware vCenter v4.0 anterior a la actualizaci\u00f3n 3 y v4.1 anterior a la actualizaci\u00f3n 1 permite a los usuarios locales descubrir el ID de las sesiones SOAP mediante vectores no especificados."}], "id": "CVE-2011-1788", "lastModified": "2017-08-17T01:34:22.713", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-05-09T22:55:03.177", "references": [{"source": "cve@mitre.org", "url": "http://lists.vmware.com/pipermail/security-announce/2011/000137.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/72179"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1025502"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/47742"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67304"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}