Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-34056
HistoryOct 25, 2023 - 6:17 p.m.

CVE-2023-34056

2023-10-2518:17:27
[email protected]
web.nvd.nist.gov
40
In Wild
37
cve-2023-34056
vcenter server
information disclosure
vulnerability
nvd
unauthorized access

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.0%

JSON

vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.

Affected configurations

NVD
Node
vmwarevcenter_serverRange4.05.5
OR
vmwarevcenter_serverMatch7.0-
OR
vmwarevcenter_serverMatch7.0a
OR
vmwarevcenter_serverMatch7.0b
OR
vmwarevcenter_serverMatch7.0c
OR
vmwarevcenter_serverMatch7.0d
OR
vmwarevcenter_serverMatch7.0update1
OR
vmwarevcenter_serverMatch7.0update1a
OR
vmwarevcenter_serverMatch7.0update1c
OR
vmwarevcenter_serverMatch7.0update1d
OR
vmwarevcenter_serverMatch7.0update2
OR
vmwarevcenter_serverMatch7.0update2a
OR
vmwarevcenter_serverMatch7.0update2b
OR
vmwarevcenter_serverMatch7.0update2c
OR
vmwarevcenter_serverMatch7.0update2d
OR
vmwarevcenter_serverMatch7.0update3
OR
vmwarevcenter_serverMatch7.0update3a
OR
vmwarevcenter_serverMatch7.0update3c
OR
vmwarevcenter_serverMatch7.0update3d
OR
vmwarevcenter_serverMatch7.0update3e
OR
vmwarevcenter_serverMatch7.0update3f
OR
vmwarevcenter_serverMatch7.0update3g
OR
vmwarevcenter_serverMatch7.0update3h
OR
vmwarevcenter_serverMatch7.0update3i
OR
vmwarevcenter_serverMatch7.0update3j
OR
vmwarevcenter_serverMatch7.0update3k
OR
vmwarevcenter_serverMatch7.0update3l
OR
vmwarevcenter_serverMatch7.0update3m
OR
vmwarevcenter_serverMatch7.0update3n
OR
vmwarevcenter_serverMatch8.0-
OR
vmwarevcenter_serverMatch8.0a
OR
vmwarevcenter_serverMatch8.0b
OR
vmwarevcenter_serverMatch8.0c
OR
vmwarevcenter_serverMatch8.0update1
OR
vmwarevcenter_serverMatch8.0update1a
OR
vmwarevcenter_serverMatch8.0update1b
OR
vmwarevcenter_serverMatch8.0update1c
OR
vmwarevcenter_serverMatch8.0update1d

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "VMware vCenter Server",
    "vendor": "VMware",
    "versions": [
      {
        "lessThan": "8.0U2",
        "status": "affected",
        "version": "8.0",
        "versionType": "8.0U2"
      },
      {
        "lessThan": "7.0U3o",
        "status": "affected",
        "version": "7.0",
        "versionType": "7.0U3o"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "VMware Cloud Foundation (VMware vCenter Server)",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "5.x"
      },
      {
        "status": "affected",
        "version": "4.x"
      }
    ]
  }
]

Social References

More

Related

prion 1
attackerkb 1
cvelist 1
nvd 1
nessus 1
ibm 1
thn 1
hivepro 1
vmware 2
malwarebytes 1
prion
prion
Information disclosure
2023-10-25 18:17:00
attackerkb
attackerkb
CVE-2023-34056
2023-10-25 00:00:00
cvelist
cvelist
CVE-2023-34056 VMware vCenter Server Partial Information Disclosure Vulnerability
2023-10-25 04:24:47
nvd
nvd
CVE-2023-34056
2023-10-25 18:17:27
nessus
nessus
VMware vCenter Server 7.0 < 7.0U3o / 8.0 < 8.0U2 Partial Information Disclosure (VMSA-2023-0023)
2023-10-27 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in VMware affect IBM Cloud Pak System [CVE-2023-34048, CVE-2023-34056]
2024-01-10 08:45:11
thn
thn
Act Now: VMware Releases Patch for Critical vCenter Server RCE Vulnerability
2023-10-25 10:11:00
hivepro
hivepro
Vmware vCenter Flaws Leading to RCE Attacks
2023-10-27 13:16:58
vmware
vmware
VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities (CVE-2023-34048, CVE-2023-34056)
2023-10-25 00:00:00
VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities (CVE-2023-34048, CVE-2023-34056)
2023-10-25 00:00:00
malwarebytes
malwarebytes
Update vCenter Server now! VMWare fixes critical vulnerability
2023-10-25 06:44:54

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.0%

JSON
Related for CVE-2023-34056
prion1attackerkb1cvelist1nvd1nessus1ibm1thn1hivepro1vmware2malwarebytes1