An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e.
APACHE JMETER 2.8 CODE
A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server. The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller).
0 kommentar(er)
