Information disclosure

2019-09-1821:15:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.2%

JSON

VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine’s vAppConfig properties. A malicious actor with access to query the vAppConfig properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine).

CPENameOperatorVersion
vcenter_servereq6.0 u1b
vcenter_servereq6.0 a
vcenter_servereq6.0 b
vcenter_servereq6.0 u1
vcenter_servereq6.0
vcenter_servereq6.0 u3
vcenter_servereq6.0 update3d
vcenter_servereq6.0 update3e
vcenter_servereq6.0 update3f
vcenter_servereq6.0 update3g

Name	Operator	Version
vcenter_server	eq	6.0 u1b
vcenter_server	eq	6.0 a
vcenter_server	eq	6.0 b
vcenter_server	eq	6.0 u1
vcenter_server	eq	6.0
vcenter_server	eq	6.0 u3
vcenter_server	eq	6.0 update3d
vcenter_server	eq	6.0 update3e
vcenter_server	eq	6.0 update3f
vcenter_server	eq	6.0 update3g