CVE-2023-34056

Опубликовано: 25 окт. 2023

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.

Ссылки

https://www.vmware.com/security/advisories/VMSA-2023-0023.html
Vendor Advisory
https://www.vmware.com/security/advisories/VMSA-2023-0023.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*

Версия от 4.0 (включая) до 5.5 (включая)

cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*

EPSS

Процентиль: 49%

0.00256

Низкий

4.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-922

Связанные уязвимости

GHSA-6cr3-pfhw-g3c7

CVSS3: 4.3

github

больше 2 лет назад

vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.

BDU:2023-07141

CVSS3: 4.3

fstec

больше 2 лет назад

Уязвимость программного обеспечения управления виртуальной инфраструктурой VMware vCenter Server, связанная с отсутствием защиты служебных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 49%

0.00256

Низкий

4.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-922