CVE-2012-5978
CVE-2012-5978 is a medium-severity vulnerability in Vmware View with a CVSS 2.0 base score of 5.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-22.
Key facts
- Severity: Medium (CVSS 2.0 base score 5.0)
- EPSS exploit prediction: 3% (85th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-22
- Affected product: Vmware View
- Published:
- Last modified:
Description
Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitrary files via unspecified vectors.
Frequently asked questions
- What is CVE-2012-5978?
- Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitrary files via unspecified vectors.
- How severe is CVE-2012-5978?
- CVE-2012-5978 has a CVSS 2.0 base score of 5.0, rated medium severity.
- Is CVE-2012-5978 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 3% (85th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2012-5978?
- CVE-2012-5978 primarily affects Vmware View. In total, 9 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2012-5978?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2012-5978 published?
- CVE-2012-5978 was published on 2012-12-19 and last updated on 2026-06-16.
References
- http://www.securitytracker.com/id?1027875
- http://www.vmware.com/security/advisories/VMSA-2012-0017.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17049
Affected products (9)
- cpe:2.3:a:vmware:view:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:view:4.0.0:u2:*:*:*:*:*:*
- cpe:2.3:a:vmware:view:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:view:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:view:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:view:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:view:5.0.0:u2:*:*:*:*:*:*
- cpe:2.3:a:vmware:view:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:view:5.1.0:*:*:*:*:*:*:*
More vulnerabilities in Vmware View
- CVE-2013-1406 — High (CVSS 7.2): The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5…
- CVE-2012-1510 — High (CVSS 7.2): Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View…
- CVE-2012-1509 — High (CVSS 7.2): Buffer overflow in the XPDM display driver in VMware View before 4.6.1 allows guest OS users to gain guest OS…
- CVE-2012-1508 — High (CVSS 7.2): The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows…
- CVE-2012-1666 — Medium (CVSS 6.9): Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4,…
- CVE-2012-1511 — Medium (CVSS 4.3): Cross-site scripting (XSS) vulnerability in View Manager Portal in VMware View before 4.6.1 allows remote attackers to…
All CVEs affecting Vmware View →
Other CWE-22 (Path Traversal) vulnerabilities
- CVE-2026-48282 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted…
- CVE-2026-54917 — Critical (CVSS 10.0): SeaweedFS is a distributed storage system for object storage (S3), file systems, and Iceberg tables. Prior to 4.30, the…
- CVE-2026-11429 — Critical (CVSS 10.0): Two endpoints in the Vault Service ScriptsController, shared by Altium Enterprise Server and Altium 365, accept file…
- CVE-2026-34909 — Critical (CVSS 10.0): A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to…
- CVE-2026-7411 — Critical (CVSS 10.0): In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel…
- CVE-2026-36767 — Critical (CVSS 10.0): A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary…