VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.9%.
Code Injection
VMware
RCE
Vcenter Chargeback Manager
NVD
Exploit-DB
CVSS 2.0
7.5
EPSS
81.9%
Threat
5.5