CVE-2019-5534

Опубликовано: 18 сент. 2019

Источник: nvd

CVSS3: 7.7

CVSS2: 4

EPSS Низкий

Описание

VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. A malicious actor with access to query the vAppConfig properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine).

Ссылки

http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html
Third Party Advisory
VDB Entry
https://www.vmware.com/security/advisories/VMSA-2019-0013.html
Vendor Advisory
http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html
Third Party Advisory
VDB Entry
https://www.vmware.com/security/advisories/VMSA-2019-0013.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vmware:vcenter_server:6.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:u1:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:u1b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:u3:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update2:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update2a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update2m:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update3a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update3b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update3c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update3d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update3e:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update3f:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update3g:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update3h:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.0:update3i:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:vmware:vcenter_server:6.7:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:vmware:vcenter_server:6.5:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.0036

Низкий

7.7 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-7cjg-pprv-8vg9

CVSS3: 7.7

github

больше 3 лет назад

BDU:2020-00053

CVSS3: 7.7

fstec

больше 6 лет назад

Уязвимость в свойствах vAppConfig средства управления виртуальной инфраструктурой VMware vCenter Server, позволяющая нарушителю получить доступ к учетным данным пользователя

EPSS

Процентиль: 58%

0.0036

Низкий

7.7 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200