7.7

CVE-2019-5534

VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. A malicious actor with access to query the vAppConfig properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine).

Data is provided by the National Vulnerability Database (NVD)
VMwareVcenter Server Version6.0
VMwareVcenter Server Version6.0 Updatea
VMwareVcenter Server Version6.0 Updateb
VMwareVcenter Server Version6.0 Updateu1
VMwareVcenter Server Version6.0 Updateu1b
VMwareVcenter Server Version6.0 Updateu3
VMwareVcenter Server Version6.0 Updateupdate2
VMwareVcenter Server Version6.0 Updateupdate2a
VMwareVcenter Server Version6.0 Updateupdate2m
VMwareVcenter Server Version6.0 Updateupdate3a
VMwareVcenter Server Version6.0 Updateupdate3b
VMwareVcenter Server Version6.0 Updateupdate3c
VMwareVcenter Server Version6.0 Updateupdate3d
VMwareVcenter Server Version6.0 Updateupdate3e
VMwareVcenter Server Version6.0 Updateupdate3f
VMwareVcenter Server Version6.0 Updateupdate3g
VMwareVcenter Server Version6.0 Updateupdate3h
VMwareVcenter Server Version6.0 Updateupdate3i
VMwareVcenter Server Version6.7
VMwareVcenter Server Version6.7 Updatea
VMwareVcenter Server Version6.7 Updateb
VMwareVcenter Server Version6.7 Updatec
VMwareVcenter Server Version6.7 Updated
VMwareVcenter Server Version6.7 Updateupdate1
VMwareVcenter Server Version6.7 Updateupdate1b
VMwareVcenter Server Version6.7 Updateupdate2
VMwareVcenter Server Version6.7 Updateupdate2a
VMwareVcenter Server Version6.7 Updateupdate2c
VMwareVcenter Server Version6.5
VMwareVcenter Server Version6.5 Updatea
VMwareVcenter Server Version6.5 Updateb
VMwareVcenter Server Version6.5 Updatec
VMwareVcenter Server Version6.5 Updated
VMwareVcenter Server Version6.5 Updateupdate1
VMwareVcenter Server Version6.5 Updateupdate1b
VMwareVcenter Server Version6.5 Updateupdate1c
VMwareVcenter Server Version6.5 Updateupdate1d
VMwareVcenter Server Version6.5 Updateupdate1e
VMwareVcenter Server Version6.5 Updateupdate1g
VMwareVcenter Server Version6.5 Updateupdate2
VMwareVcenter Server Version6.5 Updateupdate2b
VMwareVcenter Server Version6.5 Updateupdate2c
VMwareVcenter Server Version6.5 Updateupdate2d
VMwareVcenter Server Version6.5 Updateupdate2g
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.38% 0.587
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.7 3.1 4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.