CVE-2012-1513

CVE Database · CVE-2012-1513

CVE-2012-1513

· N/AModified

CVSS v3.1

N/A

EPSS

1.21%

Published

Mar 16, 2012

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document.

Weaknesses (CWE)

CWE-200

Affected Products (2)

vmware · vcenter_orchestratorvulnerable

References (12)

http://osvdb.org/80120

http://secunia.com/advisories/48408

http://www.securityfocus.com/bid/52525

http://www.securitytracker.com/id?1026816

http://www.vmware.com/security/advisories/VMSA-2012-0005.html

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/74091