HIGH: 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Default status: unaffected
8.0 (custom) before 8.0 U3e: affected
7.0 (custom) before 7.0 U3v: affected

Default status: unaffected
5.x, 4.5.x: affected

Default status: unaffected
5.x, 4.x, 3.x, 2.x: affected

Default status: unaffected
3.x, 2.x: affected

Description
The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to create or modify alarms and run script action may exploit this issue to run arbitrary commands on the vCenter Server.
Problem types
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Product status
8.0 (custom) before 8.0 U3e
7.0 (custom) before 7.0 U3v
5.x, 4.5.x
5.x, 4.x, 3.x, 2.x
3.x, 2.x
References
support.broadcom.com/...l/content/SecurityAdvisories/0/25717