CVE-2016-2076

Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.

CVSS v3 7.6 HIGH
CVSS v2.0 6.8 MEDIUM

7.6^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

Exploitability : 2.8 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securitytracker.com/id/1035570	Third Party Advisory
http://www.securitytracker.com/id/1035571	Third Party Advisory
http://www.securitytracker.com/id/1035572	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2016-0004.html	Vendor Advisory
http://www.securitytracker.com/id/1035570	Third Party Advisory
http://www.securitytracker.com/id/1035571	Third Party Advisory
http://www.securitytracker.com/id/1035572	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2016-0004.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:vcenter_server::1b::::::*
	cpe:2.3:a:vmware:vcenter_server:5.5:3a::::::
	cpe:2.3:a:vmware:vcenter_server:5.5:3b::::::
	cpe:2.3:a:vmware:vcenter_server:5.5:u3c::::::
	cpe:2.3:a:vmware:vcloud_automation_identity_appliance:6.2.4:::::::*
	cpe:2.3:a:vmware:vcloud_director:5.5.5:::::::*

History

21 Nov 2024, 02:47

Type	Values Removed	Values Added
References	~~() http://www.securitytracker.com/id/1035570 - Third Party Advisory~~	() http://www.securitytracker.com/id/1035570 - Third Party Advisory
References	~~() http://www.securitytracker.com/id/1035571 - Third Party Advisory~~	() http://www.securitytracker.com/id/1035571 - Third Party Advisory
References	~~() http://www.securitytracker.com/id/1035572 - Third Party Advisory~~	() http://www.securitytracker.com/id/1035572 - Third Party Advisory
References	~~() http://www.vmware.com/security/advisories/VMSA-2016-0004.html - Vendor Advisory~~	() http://www.vmware.com/security/advisories/VMSA-2016-0004.html - Vendor Advisory

Information

Published : 2016-04-15 14:59

Updated : 2024-11-21 02:47

NVD link : CVE-2016-2076

Mitre link : CVE-2016-2076

CVE.ORG link : CVE-2016-2076

JSON object : View

Products Affected

vmware

vcloud_automation_identity_appliance
vcloud_director
vcenter_server

CWE

CWE-287

Improper Authentication

7.6 /10