CVSS: 7.7EPSS: 1%CPEs: 44EXPL: 0CVE-2019-5534 – VMware Security Advisory 2019-0013
https://notcve.org/view.php?id=CVE-2019-5534
18 Sep 2019 — VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. A malicious actor with access to query the vAppConfig properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine). VMware vCenter Server (versi... • http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2017-4927
https://notcve.org/view.php?id=CVE-2017-4927
17 Nov 2017 — VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service. VMware vCenter Server (en versiones 6.5 anteriores a la 6.5 U1 y versiones 6.0 anteriores a la 6.0 U3c) no gestiona correctamente paquetes de red LDAP especialmente manipulados, lo que puede permitir que se provoque una denegación de servicio de forma remota. • http://www.securityfocus.com/bid/101786 • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2017-4919
https://notcve.org/view.php?id=CVE-2017-4919
28 Jul 2017 — VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate. VMware vCenter Server versiones 5.5, 6.0, 6.5, permite a los usuarios de vSphere con ciertos privilegios de vSphere limitados usar la API VIX para acceder a los Sistemas Operativos Invitados sin la necesidad de autenticarse. • http://www.securityfocus.com/bid/100102 • CWE-306: Missing Authentication for Critical Function •