CVE-2008-3514

CVE Database · CVE-2008-3514

CVE-2008-3514

· N/AModified

CVSS v3.1

N/A

EPSS

1.81%

Published

Aug 13, 2008

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users."

Weaknesses (CWE)

CWE-200

Affected Products (6)

vmware · virtualcentervulnerable

References (20)

http://secunia.com/advisories/31468

Vendor Advisory

http://securityreason.com/securityalert/4150

http://www.insomniasec.com/advisories/ISVA-080812.1.htm

http://www.securityfocus.com/archive/1/495386/100/0/threaded

http://www.securityfocus.com/bid/30664

http://www.securitytracker.com/id?1020693

http://www.vmware.com/security/advisories/VMSA-2008-0012.html

PatchVendor Advisory

http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html

http://www.vupen.com/english/advisories/2008/2363

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs