cpe:/a:vmware:vcenter_server:4.1 CVE-2010-2928 2011-02-15T20:00:02.337-05:00 2011-09-21T23:23:08.053-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2011-02-16T09:07:00.000-05:00 BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX SECUNIA 43307 OSVDB 70859 SREASON 8079 IAVM IAVM:2011-A-0066 CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html CONFIRM http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file.