CVE-2019-5534

EPSS 0.38%
Veröffentlicht 18.09.2019 21:15:13
Zuletzt bearbeitet 21.11.2024 04:45:08
Quelle security@vmware.com
Teams Watchlist Login
Unerledigt Login

VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. A malicious actor with access to query the vAppConfig properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

VMware ≫ Vcenter Server Version6.0

VMware ≫ Vcenter Server Version6.0 Updatea

VMware ≫ Vcenter Server Version6.0 Updateb

VMware ≫ Vcenter Server Version6.0 Updateu1

VMware ≫ Vcenter Server Version6.0 Updateu1b

VMware ≫ Vcenter Server Version6.0 Updateu3

VMware ≫ Vcenter Server Version6.0 Updateupdate2

VMware ≫ Vcenter Server Version6.0 Updateupdate2a

VMware ≫ Vcenter Server Version6.0 Updateupdate2m

VMware ≫ Vcenter Server Version6.0 Updateupdate3a

VMware ≫ Vcenter Server Version6.0 Updateupdate3b

VMware ≫ Vcenter Server Version6.0 Updateupdate3c

VMware ≫ Vcenter Server Version6.0 Updateupdate3d

VMware ≫ Vcenter Server Version6.0 Updateupdate3e

VMware ≫ Vcenter Server Version6.0 Updateupdate3f

VMware ≫ Vcenter Server Version6.0 Updateupdate3g

VMware ≫ Vcenter Server Version6.0 Updateupdate3h

VMware ≫ Vcenter Server Version6.0 Updateupdate3i

VMware ≫ Vcenter Server Version6.7

VMware ≫ Vcenter Server Version6.7 Updatea

VMware ≫ Vcenter Server Version6.7 Updateb

VMware ≫ Vcenter Server Version6.7 Updatec

VMware ≫ Vcenter Server Version6.7 Updated

VMware ≫ Vcenter Server Version6.7 Updateupdate1

VMware ≫ Vcenter Server Version6.7 Updateupdate1b

VMware ≫ Vcenter Server Version6.7 Updateupdate2

VMware ≫ Vcenter Server Version6.7 Updateupdate2a

VMware ≫ Vcenter Server Version6.7 Updateupdate2c

VMware ≫ Vcenter Server Version6.5

VMware ≫ Vcenter Server Version6.5 Updatea

VMware ≫ Vcenter Server Version6.5 Updateb

VMware ≫ Vcenter Server Version6.5 Updatec

VMware ≫ Vcenter Server Version6.5 Updated

VMware ≫ Vcenter Server Version6.5 Updateupdate1

VMware ≫ Vcenter Server Version6.5 Updateupdate1b

VMware ≫ Vcenter Server Version6.5 Updateupdate1c

VMware ≫ Vcenter Server Version6.5 Updateupdate1d

VMware ≫ Vcenter Server Version6.5 Updateupdate1e

VMware ≫ Vcenter Server Version6.5 Updateupdate1g

VMware ≫ Vcenter Server Version6.5 Updateupdate2

VMware ≫ Vcenter Server Version6.5 Updateupdate2b

VMware ≫ Vcenter Server Version6.5 Updateupdate2c

VMware ≫ Vcenter Server Version6.5 Updateupdate2d

VMware ≫ Vcenter Server Version6.5 Updateupdate2g

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.587

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.7	3.1	4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html

Third Party Advisory

VDB Entry

https://www.vmware.com/security/advisories/VMSA-2019-0013.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-5534

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-5534

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-5534

EUVD