CVE-2011-0527
VMware tc Server 2.0.x-2.0.6 & 2.1.x-2.1.2 - Improper Authentication via Obfuscated Password
Title source: llmDescription
VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before 2.0.6.RELEASE and 2.1.x before 2.1.2.RELEASE accepts obfuscated passwords during JMX authentication, which makes it easier for context-dependent attackers to obtain access by leveraging an ability to read stored passwords.
References (5)
Core 5
Core References
Vendor Advisory x_refsource_confirm
http://www.springsource.com/security/cve-2011-0527
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/49122
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1025923
Third Party Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0122.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69156
Scores
EPSS
0.0018
EPSS Percentile
39.6%
Details
CWE
CWE-287
Status
published
Products (8)
vmware/tc_server
2.0.0 (2 CPE variants)
vmware/tc_server
2.0.1
vmware/tc_server
2.0.2 (3 CPE variants)
vmware/tc_server
2.0.3
vmware/tc_server
2.0.4
vmware/tc_server
2.0.5 (2 CPE variants)
vmware/tc_server
2.1.0
vmware/tc_server
2.1.1 (2 CPE variants)
Published
Aug 15, 2011
Tracked Since
Feb 18, 2026