Release date: 2012-03-16
Updated on: 2012-03-19
Affected Systems:
VMWare vShield Manager 4.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 52525
CVE (CAN) ID: CVE-2012-1514
VMware vShield Manager provides role-based access control mechanisms and management delegation within a unified framework. With VMware virtualization security solution, you can manage, deploy, report, record, and integrate third-party security services.
The Web interface of VMware vShield Manager allows users to perform certain operations through HTTP requests without verifying their validity. If you log on to a malicious site, some illegal operations can be performed.
<* Source: Frans Pehrson
Link: http://secunia.com/advisories/48409/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
VMWare
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.vmware.com/security/