CVE-2008-3514

VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users."

Published: 2008-08-13 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

NVD Status：Modified，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2008-3514 is rated Moderate Risk (47.9/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 1.81%). Core evidence: EPSS rose +1.34% over the last day, indicating growing attacker interest. Mandatory action: Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2008-3514

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.47%	1.81%	+1.34%
2	2025-03-17	0.79%	0.47%	-0.31%
3	2025-01-15	—	0.79%	—

Full EPSS history (9 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2008-3514

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.0	2.0	MEDIUM	`AV:N/AC:L/Au:N/C:P/I:N/A:N` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:N) No availability impact.	10.0	2.9	[email protected]

Weakness enumeration for CVE-2008-3514

CWE-200 MITRE ↗

NVD evaluator notes for CVE-2008-3514

Solution: Patch information with appropriate login and password: http://www.vmware.com/security/advisories/VMSA-2008-0012.html 4. Solution Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file. VirtualCenter ------------- VMware VirtualCenter 2.5 Update 2 build 104263 www.vmware.com/download/download.do DVD iso image md5sum: 83de404fa073bc1fde9acd080f21e688 Zip file md5sum: 3297f1e47c6b018ac8190f11bd022d5b Release Notes www.vmware.com/support/vi3/doc/vi3_esx35u2_vc25u2_rel_notes.html VMware VirtualCenter 2.0.2 Update 5 build 104182 www.vmware.com/downloads/download.do DVD iso image md5sum: 5fee5d2d97b482e0d0cb47da7d8e7c34 Zip file md5sum: cd468aab309745c12ee5516652aafbcb Release Notes www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html

Affected software / configurations for CVE-2008-3514

Vendor	Product	Version	Raw CPE
vmware	virtualcenter	<= 2.0.2	cpe:2.3:a:vmware:virtualcenter::update_4::::::*
vmware	virtualcenter	2.0.2	cpe:2.3:a:vmware:virtualcenter:2.0.2:::::::*
vmware	virtualcenter	2.0.2	cpe:2.3:a:vmware:virtualcenter:2.0.2:update_2::::::
vmware	virtualcenter	2.0.2	cpe:2.3:a:vmware:virtualcenter:2.0.2:update_3::::::
vmware	virtualcenter	2.5	cpe:2.3:a:vmware:virtualcenter:2.5:::::::*
vmware	virtualcenter	2.5	cpe:2.3:a:vmware:virtualcenter:2.5:update_1::::::

References for CVE-2008-3514

URL	Tags
http://secunia.com/advisories/31468	Vendor Advisory
http://securityreason.com/securityalert/4150
http://www.insomniasec.com/advisories/ISVA-080812.1.htm
http://www.securityfocus.com/archive/1/495386/100/0/threaded
http://www.securityfocus.com/bid/30664
http://www.securitytracker.com/id?1020693
http://www.vmware.com/security/advisories/VMSA-2008-0012.html	Patch Vendor Advisory
http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html
http://www.vupen.com/english/advisories/2008/2363	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/44425

cvelogic Threat Intelligence