CVE-2012-1513
VMware vCenter Orchestrator 4.0-4.2 - Authenticated Exposure of Sensitive Information via Web Configuration Tool
Title source: llmDescription
The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/52525
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48408
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/80120
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1026816
Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2012-0005.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74091
Scores
EPSS
0.0037
EPSS Percentile
59.1%
Details
CWE
CWE-200
Status
published
Products (2)
vmware/vcenter_orchestrator
4.0
vmware/vcenter_orchestrator
4.1
Published
Mar 16, 2012
Tracked Since
Feb 18, 2026