CVE-2013-5971 | Vulnerability Database | Aqua Security

Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Vcenter_server	Vmware	*	5.0 (including)
Vcenter_server	Vmware	4.0.0.10021 (including)	4.0.0.10021 (including)
Vcenter_server	Vmware	4.0.0.12305 (including)	4.0.0.12305 (including)
Vcenter_server	Vmware	4.1 (including)	4.1 (including)
Vcenter_server	Vmware	4.1.0.12319 (including)	4.1.0.12319 (including)
Vcenter_server	Vmware	4.1.0.14766 (including)	4.1.0.14766 (including)
Vcenter_server	Vmware	4.1.0.17435 (including)	4.1.0.17435 (including)
Vcenter_server	Vmware	5.0 (including)	5.0 (including)
Vcenter_server	Vmware	5.0-update_1 (including)	5.0-update_1 (including)

References

http://osvdb.org/98718
http://www.securityfocus.com/bid/63218
http://www.vmware.com/security/advisories/VMSA-2013-0012.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/88134

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-5971
CWE	https://cwe.mitre.org/data/definitions/264.html