Unrated severityNVD Advisory· Published Nov 19, 2011· Updated Apr 29, 2026

CVE-2011-4404

Description

The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523.

Affected products

VMware/Vcenter Update Manager6 versions
cpe:2.3:a:vmware:vcenter_update_manager:4.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:vmware:vcenter_update_manager:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_update_manager:4.0:update_1:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_update_manager:4.0:update_2:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_update_manager:4.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_update_manager:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_update_manager:4.1:update_1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.067
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000