CVE-2009-0518

CVE-2009-0518

EPSS 0.3%

VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://lists.vmware.com/pipermail/security-announce/2009/000054.html http://seclists.org/fulldisclosure/2009/Apr/0036.html http://secunia.com/advisories/34585 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6376 http://www.securityfocus.com/bid/34373 http://www.vmware.com/security/advisories/VMSA-2009-0005.html http://www.vupen.com/english/advisories/2009/0944