3a. VMware ESXi ‘busybox’ command injection vulnerability- CVE-2017-16544
ESXi contains a command injection vulnerability due to the use of vulnerable version of busybox that does not sanitize filenames which may result into executing any escape sequence in the shell. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.7.
3b. ESXi Host Client, vCenter vSphere Client and vCenter vSphere Web Client information disclosure vulnerability- CVE-2019-5531
An information disclosure vulnerability in clients arising from insufficient session expiration. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.2.
3c. VMware vCenter Server information disclosure vulnerability- CVE-2019-5532
VMware vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.7.
3d. Information disclosure vulnerability in vAppConfig properties - CVE-2019-5534
Virtual Machines deployed from an OVF could expose login information via the virtual machine’s vAppConfig properties. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.7.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16544
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5531
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5532
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5534
docs.vmware.com/en/VMware-vSphere/6.0/rn/esxi600-201909001.html
docs.vmware.com/en/VMware-vSphere/6.0/rn/vsphere-vcenter-server-60u3j-release-notes.html
docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-esxi-65u3-release-notes.html
docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u2b-release-notes.html
docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u3-release-notes.html
docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-esxi-671-release-notes.html
docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-esxi-67u2-release-notes.html
docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-esxi-67u3-release-notes.html
docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-67u1b-release-notes.html
kb.vmware.com/s/article/53627
kb.vmware.com/s/article/55912
my.vmware.com/group/vmware/details?downloadGroup=VC65U2B&productId=614&rPId=24466
my.vmware.com/group/vmware/details?downloadGroup=VC67U1B&productId=742
my.vmware.com/group/vmware/details?productId=742&downloadGroup=ESXI67U2
my.vmware.com/group/vmware/patch
my.vmware.com/web/vmware/details?downloadGroup=ESXI65U3&productId=614
my.vmware.com/web/vmware/details?downloadGroup=ESXI67U1&productId=742
my.vmware.com/web/vmware/details?downloadGroup=VC60U3J&productId=491
my.vmware.com/web/vmware/details?productId=614&downloadGroup=VC65U3
my.vmware.com/web/vmware/details?productId=742&downloadGroup=ESXI67U3