Simplicity Across Clouds Is Rare
91% of executives are looking to improve “consistency across [their] public cloud environments."
Applications Need to Be Modernized
68% of developers want to expand use of modern application frameworks, APIs and services.
Distributed Work Models Are Here to Stay
72% of enterprise employees are working from non-traditional environments.
Security Is a Top-Down Concern
Risk related to security, data and privacy issues remains the #1 multi-cloud challenge.
Get on a Faster Path to Prod
Build and deploy quickly and securely on any public cloud or on-premises Kubernetes cluster.
Simplify Kubernetes Operations
Build and operate a secure, multi-cloud container infrastructure at scale.
Pair with App Development Experts
Unlock value by modernizing your existing apps and building innovative new products.
Scale Your Business & Innovate
Secure, run, and manage modern apps at scale, across clouds with consistent operations, higher speed, and reduced risks.
Accelerate Cloud Transformation
Modernize infrastructure, ops and apps to reduce cross-cloud complexity, lower costs, and improve security.
Empower a Hybrid Workforce
Enable anywhere work with broad effective security, a frictionless employee experience, and reduced cost and complexity.
Run enterprise apps at scale with a consistent cloud infrastructure across public clouds, data centers and edge environments.
Deliver an Engaging Experience
Put employees first with device choice, flexibility, and seamless, consistent, high-quality experiences.
Secure Today’s Anywhere Workspace
Ease the move to Zero Trust with situational intelligence and connected control points.
Automate the Workspace
Manage to outcomes — not tasks — with intelligent compliance, workflow and performance management.
Secure & Connect Workloads
Operationalize consistent security and networking across apps, users, and entities with transparency built into our tools.
Protect APIs — the New Endpoints
Increase app velocity and centrally manage, secure, connect, and govern your clusters no matter where they reside.
Get built-in threat intelligence spanning users, endpoints and networks to evolve your protection in a dynamic landscape.
Deliver security and networking as a built-in distributed service across users, apps, devices, and workloads in any cloud.
Work with a VMware Partner
Partners deliver outcomes with their expertise and VMware technology, creating exceptional value for our mutual customers.
Become a Partner
Together with our partners, VMware is building the new multi-cloud ecosystem positioned to become essential to our customers.
The vCenter Chargeback Manager contains a vulnerability that allows information leakage and denial-of-service.
VMware vCenter Chargeback Manager prior to version 2.0.1
The vCenter Chargeback Manager (CBM) contains a flaw in its handling of XML API requests. This vulnerability allows an unauthenticated remote attacker to download files from the CBM server or conduct a denial-of-service against the server. VMware thanks Joshua Keyes for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1472 to this issue.
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware vCenter Chargeback Manager
2012-03-08 VMSA-2012-0002 Initial security advisory in conjunction with the release of CBM 2.0.1 on 2012-03-08.
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
E-mail: security at vmware.com
PGP key at:
VMware Security Advisories
VMware security response policy
General support life cycle policy
VMware Infrastructure support life cycle policy
Copyright 2012 VMware Inc. All rights reserved.