Vulnerability Name: CVE-2009-2277 (CCN-57311)
Assigned: 2009-07-01
Published: 2010-03-29
Updated: 2017-09-19
Summary: Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data."
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
  3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
  3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2009-2277
  Source: CCN Type: VMSA-2010-0005 VMware products address vulnerabilities in WebAccess
  Source: MLIST Type: Patch, Vendor Advisory [security-announce] 20100329 VMSA-2010-0005 VMware products address vulnerabilities in WebAccess
  Source: CCN Type: SA39171 VMware ESX WebAccess Two Vulnerabilities
  Source: CCN Type: OSVDB ID: 63512 VMware Multiple Products WebAccess Context Data XSS
  Source: BID Type: Patch 39037
  Source: CCN Type: BID-39037 RETIRED: VMware WebAccess Multiple Vulnerabilities
  Source: CCN Type: BID-39106 VMware WebAccess '/ui/vmDirect.do' Information Disclosure Vulnerability
  Source: CONFIRM Type: Patch, Vendor Advisory http://www.vmware.com/security/advisories/VMSA-2010-0005.html
  Source: XF Type: UNKNOWN vmware-webaccess-xss(57311)
  Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:7080
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable