CVE-2009-1142 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.7 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	6.7 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 16%

Affected Products (NVD)

Vendor	Product	Version
vmware	open_vm_tools	2009.03.18-154848

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

open-vm-tools

bookworm	2:12.2.0-1+deb12u2 fixed
bookworm (security)	2:12.2.0-1+deb12u2 fixed
bullseye	2:11.2.5-2+deb11u3 fixed
bullseye (security)	2:11.2.5-2+deb11u3 fixed
sid	2:12.4.5-1 fixed
trixie	2:12.4.5-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

open-vm-tools

bionic	not-affected
focal	not-affected
jammy	not-affected
kinetic	not-affected
trusty	not-affected
xenial	not-affected

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

https://bugs.gentoo.org/264577

https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848

https://bugs.gentoo.org/264577

https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848