{"api_version":"1","generated_at":"2026-04-23T01:18:33+00:00","cve":"CVE-2008-3514","urls":{"html":"https://cve.report/CVE-2008-3514","api":"https://cve.report/api/cve/CVE-2008-3514.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-3514","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-3514"},"summary":{"title":"CVE-2008-3514","description":"VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side \"enabled/disabled functionality\" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an \"attempt to assign permissions to other system users.\"","state":"PUBLISHED","assigner":"mitre","published_at":"2008-08-13 12:42:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-200","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.securityfocus.com/bid/30664","name":"http://www.securityfocus.com/bid/30664","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VMware VirtualCenter User Account Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://securityreason.com/securityalert/4150","name":"http://securityreason.com/securityalert/4150","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityReason - VirtualCenter addresses User Account Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html","name":"http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VMware VirtualCenter 2.0.2 Update 5 Release Notes","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1020693","name":"http://www.securitytracker.com/id?1020693","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VMware VirtualCenter Discloses Usernames to Remote Users - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/31468","name":"http://secunia.com/advisories/31468","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"VMware VirtualCenter User Account Disclosure - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44425","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44425","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/495386/100/0/threaded","name":"http://www.securityfocus.com/archive/1/495386/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.insomniasec.com/advisories/ISVA-080812.1.htm","name":"http://www.insomniasec.com/advisories/ISVA-080812.1.htm","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Page not found | Insomnia Security","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2008/2363","name":"http://www.vupen.com/english/advisories/2008/2363","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vmware.com/security/advisories/VMSA-2008-0012.html","name":"http://www.vmware.com/security/advisories/VMSA-2008-0012.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"VMSA-2008-0012 - VMware","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-3514","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-3514","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"3514","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"virtualcenter","cpe6":"2.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"3514","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"virtualcenter","cpe6":"2.0.2","cpe7":"update_2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"3514","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"virtualcenter","cpe6":"2.0.2","cpe7":"update_3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"3514","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"virtualcenter","cpe6":"2.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"3514","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"virtualcenter","cpe6":"2.5","cpe7":"update_1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"3514","vulnerable":"1","versionEndIncluding":"2.0.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"virtualcenter","cpe6":"*","cpe7":"update_4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T09:45:18.263Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html"},{"name":"31468","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/31468"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.vmware.com/security/advisories/VMSA-2008-0012.html"},{"name":"ADV-2008-2363","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/2363"},{"name":"virtualcenter-backend-info-disclosure(44425)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44425"},{"name":"4150","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/4150"},{"name":"1020693","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1020693"},{"name":"30664","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/30664"},{"name":"20080812 VMSA-2008-0012 Updated VirtualCenter addresses User Account Disclosure Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/495386/100/0/threaded"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.insomniasec.com/advisories/ISVA-080812.1.htm"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-08-12T00:00:00.000Z","descriptions":[{"lang":"en","value":"VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side \"enabled/disabled functionality\" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an \"attempt to assign permissions to other system users.\""}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-11T19:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html"},{"name":"31468","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/31468"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.vmware.com/security/advisories/VMSA-2008-0012.html"},{"name":"ADV-2008-2363","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/2363"},{"name":"virtualcenter-backend-info-disclosure(44425)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44425"},{"name":"4150","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/4150"},{"name":"1020693","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1020693"},{"name":"30664","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/30664"},{"name":"20080812 VMSA-2008-0012 Updated VirtualCenter addresses User Account Disclosure Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/495386/100/0/threaded"},{"tags":["x_refsource_MISC"],"url":"http://www.insomniasec.com/advisories/ISVA-080812.1.htm"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-3514","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side \"enabled/disabled functionality\" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an \"attempt to assign permissions to other system users.\""}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html","refsource":"CONFIRM","url":"http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html"},{"name":"31468","refsource":"SECUNIA","url":"http://secunia.com/advisories/31468"},{"name":"http://www.vmware.com/security/advisories/VMSA-2008-0012.html","refsource":"CONFIRM","url":"http://www.vmware.com/security/advisories/VMSA-2008-0012.html"},{"name":"ADV-2008-2363","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/2363"},{"name":"virtualcenter-backend-info-disclosure(44425)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44425"},{"name":"4150","refsource":"SREASON","url":"http://securityreason.com/securityalert/4150"},{"name":"1020693","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1020693"},{"name":"30664","refsource":"BID","url":"http://www.securityfocus.com/bid/30664"},{"name":"20080812 VMSA-2008-0012 Updated VirtualCenter addresses User Account Disclosure Vulnerability","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/495386/100/0/threaded"},{"name":"http://www.insomniasec.com/advisories/ISVA-080812.1.htm","refsource":"MISC","url":"http://www.insomniasec.com/advisories/ISVA-080812.1.htm"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2008-3514","datePublished":"2008-08-13T10:00:00.000Z","dateReserved":"2008-08-07T00:00:00.000Z","dateUpdated":"2024-08-07T09:45:18.263Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-08-13 12:42:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-200","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:virtualcenter:*:update_4:*:*:*:*:*:*","versionEndIncluding":"2.0.2","matchCriteriaId":"9A3C4612-1A97-4C5B-9B94-41DC11076995"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:virtualcenter:2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"EDFF5385-64AA-48AD-A5FE-25918E4F07D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:virtualcenter:2.0.2:update_2:*:*:*:*:*:*","matchCriteriaId":"E15CB55D-DE86-4A1F-90E8-BEC3ABBF256B"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:virtualcenter:2.0.2:update_3:*:*:*:*:*:*","matchCriteriaId":"0CE6C817-1129-4570-9F04-1FC7EA42FBA5"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:virtualcenter:2.5:*:*:*:*:*:*:*","matchCriteriaId":"D17E8DFD-AC99-45E6-81F9-ED66369FBD0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:virtualcenter:2.5:update_1:*:*:*:*:*:*","matchCriteriaId":"C3AB56C1-35F2-448D-9EB7-35FB4E00C227"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"3514","Ordinal":"1","Title":"CVE-2008-3514","CVE":"CVE-2008-3514","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"3514","Ordinal":"1","NoteData":"VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side \"enabled/disabled functionality\" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an \"attempt to assign permissions to other system users.\"","Type":"Description","Title":"CVE-2008-3514"},{"CveYear":"2008","CveId":"3514","Ordinal":"2","NoteData":"2008-08-13","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"3514","Ordinal":"3","NoteData":"2018-10-11","Type":"Other","Title":"Modified"}]}}}