CVE-2017-4927

EPSS 1.42%
Published 17.11.2017 14:29:00
Last modified 20.04.2025 01:37:25
Source security@vmware.com
Teams watchlist Login
Open Login

VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

VMware ≫ Vcenter Server Version >= 6.0 < 6.0_u3c

VMware ≫ Vcenter Server Version >= 6.5 < 6.5_u1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.42%	0.788

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.

http://www.securityfocus.com/bid/101786

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1039759

Third Party Advisory

VDB Entry

https://www.vmware.com/security/advisories/VMSA-2017-0017.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-4927

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-4927

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-4927

EUVD