CVE-2013-5971

medium

Published 2013-10-21 · Modified 2026-04-29

CVSS v3

—

CVSS v2

6.8

VIR risk

6.8

Description

Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.vmware.com/security/advisories/VMSA-2013-0012.html

Application impact

Vendor	Product	Versions
vmware	vcenter_server	`{"endIncluding":"5.0"}`
vmware	vcenter_server	`4.0.0.10021`
vmware	vcenter_server	`4.0.0.12305`
vmware	vcenter_server	`4.1`
vmware	vcenter_server	`4.1.0.12319`
vmware	vcenter_server	`4.1.0.14766`
vmware	vcenter_server	`4.1.0.17435`
vmware	vcenter_server	`5.0`

References

http://osvdb.org/98718
http://www.securityfocus.com/bid/63218
http://www.vmware.com/security/advisories/VMSA-2013-0012.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/88134
http://osvdb.org/98718
http://www.securityfocus.com/bid/63218
http://www.vmware.com/security/advisories/VMSA-2013-0012.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/88134

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.