CVE-2019-5532

Опубликовано: 18 сент. 2019

Источник: nvd

CVSS3: 7.7

CVSS2: 4

EPSS Низкий

Описание

VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine).

Ссылки

http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html
Third Party Advisory
VDB Entry
https://www.vmware.com/security/advisories/VMSA-2019-0013.html
Vendor Advisory
http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html
Third Party Advisory
VDB Entry
https://www.vmware.com/security/advisories/VMSA-2019-0013.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vmware:vcenter_server:6.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:u1:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:u1b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:u3:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update2:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update2a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update2m:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update3a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update3b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update3c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update3d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update3e:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update3f:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update3g:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update3h:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update3i:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:vmware:vcenter_server:6.7:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:vmware:vcenter_server:6.5:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00463

Низкий

7.7 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-532

Связанные уязвимости

GHSA-4v8m-3x8w-h83j

CVSS3: 7.7

github

больше 3 лет назад

BDU:2020-00051

CVSS3: 7.7

fstec

больше 6 лет назад

Уязвимость средства управления виртуальной инфраструктурой VMware vCenter Server, связанная с недостаточной защитой регистрационных данных, позволяющая нарушителю получить доступ к учетным данным пользователя

EPSS

Процентиль: 64%

0.00463

Низкий

7.7 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-532