HIGH: 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L

Default status: unaffected
8.0 (custom) before 8.0 U3g: affected
7.0 (custom) before 7.0 U3w: affected

Default status: unaffected
9.x.x.x (custom) before 9.0.1.0: affected
5.x (custom) before 5.2.2: affected
4.5.x: affected

Default status: unaffected
5.x, 4.x, 3.x, 2.x: affected

Default status: unaffected
3.x, 2.x: affected

Default status: unaffected
9.x.x.x (custom) before 9.0.1.0: affected
Description
VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks.
Problem types
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
References
support.broadcom.com/...l/content/SecurityAdvisories/0/36150