Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x prior to 2.0.2 patch 1, 2.1.x prior to 2.1.3 patch 1, and 2.x prior to 2.5.3 patch 2 allows allows remote malicious users to perform unauthorized actions as the administrator via URLs, as demonstrated using the setUsr operation to change a password. NOTE: this issue can be leveraged with CVE-2005-3619 to automatically perform the attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware esx |