Vulnerabilites related to vmware - vcenter_orchestrator
Vulnerability from fkie_nvd
Published
2015-12-21 03:59
Modified
2025-04-12 10:46
Severity ?
Summary
Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_orchestrator | 5.5 | |
| vmware | vcenter_orchestrator | 5.5.1 | |
| vmware | vcenter_orchestrator | 5.5.2 | |
| vmware | vcenter_orchestrator | 5.5.2.1 | |
| vmware | vrealize_orchestrator | 6.0.1 | |
| vmware | vrealize_orchestrator | 6.0.2 | |
| vmware | vrealize_orchestrator | 6.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_orchestrator:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA8621E-77A6-488B-9AD9-760BA5929A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_orchestrator:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF3CA0F3-CBC6-4BE5-A9B2-66D4A804ADB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_orchestrator:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EE27584A-E01B-47D4-B3FC-13F1214DD33F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_orchestrator:5.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "716A6504-42C5-46D1-9671-FEFD15DB77FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_orchestrator:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9A41C80-3953-4DAF-BEEE-EA8219C0A861",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_orchestrator:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD6B54A-3E65-4D41-AA2A-4F7E37E5EF7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_orchestrator:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FED093-4396-4C67-A8DC-343037D7540D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library."
},
{
"lang": "es",
"value": "Interfaces objeto-serializado en VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x y vCenter Application Discovery Manager (vADM) 7.x permiten a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de un objeto serializado de Java manipulado, relacionado con la librear\u00eda Apache Commons Collections."
}
],
"id": "CVE-2015-6934",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2015-12-21T03:59:00.267",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/79648"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/79648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0009.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-03-16 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_orchestrator | 4.0 | |
| vmware | vcenter_orchestrator | 4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_orchestrator:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8DC824-B337-434F-98E8-D1ED98B3E3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_orchestrator:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84FC9E86-B627-4647-9F33-11B8BD401479",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document."
},
{
"lang": "es",
"value": "La herramienta \"Web Configuration\" en VMWare vCenter Orchestrator (vCO) v4.0 anterior a Update v4, v4.1 anterior a Update v2, y v4.2 anterior a Update v1 situa la contrase\u00f1a vCenter Server en un documento HTML, lo que permite a administradores remotos autenticados obtener informaci\u00f3n delicada mediante la lectura de este fichero."
}
],
"id": "CVE-2012-1513",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-03-16T20:55:01.113",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80120"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/48408"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/52525"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1026816"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0005.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/48408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1026816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74091"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2015-6934 (GCVE-0-2015-6934)
Vulnerability from cvelistv5
Published
2015-12-21 02:00
Modified
2024-08-06 07:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:34.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0009.html"
},
{
"name": "79648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0009.html"
},
{
"name": "79648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2015-0009.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0009.html"
},
{
"name": "79648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6934",
"datePublished": "2015-12-21T02:00:00",
"dateReserved": "2015-09-14T00:00:00",
"dateUpdated": "2024-08-06T07:36:34.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1513 (GCVE-0-2012-1513)
Vulnerability from cvelistv5
Published
2012-03-16 20:00
Modified
2024-08-06 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52525",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52525"
},
{
"name": "48408",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48408"
},
{
"name": "80120",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80120"
},
{
"name": "1026816",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026816"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0005.html"
},
{
"name": "vcenter-config-tool-info-disc(74091)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74091"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-05T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "52525",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52525"
},
{
"name": "48408",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48408"
},
{
"name": "80120",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80120"
},
{
"name": "1026816",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026816"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0005.html"
},
{
"name": "vcenter-config-tool-info-disc(74091)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74091"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52525",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52525"
},
{
"name": "48408",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48408"
},
{
"name": "80120",
"refsource": "OSVDB",
"url": "http://osvdb.org/80120"
},
{
"name": "1026816",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026816"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2012-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0005.html"
},
{
"name": "vcenter-config-tool-info-disc(74091)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74091"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1513",
"datePublished": "2012-03-16T20:00:00",
"dateReserved": "2012-03-08T00:00:00",
"dateUpdated": "2024-08-06T19:01:02.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}