VMware vCenter未授权任意文件读取

Y4er — Wed, 14 Oct 2020 01:09:08 +0000

我们在VMware vCenter中发现了一个未经身份验证的任意文件读取漏洞。 VMware透露此漏洞已在6.5u1中修复，但未分配CVE。

We found an Unauthenticated Arbitrary File Read vulnerability in VMware vCenter. VMware revealed that this vulnerability was patched in 6.5u1, but no CVE was assigned.

The PoC ⬇️ pic.twitter.com/LfvbyBUhF5

— PT SWARM (@ptswarm) October 13, 2020

VMware – ChaBug安全

VMware vCenter未授权任意文件读取