CVSS: 7.7EPSS: 1%CPEs: 44EXPL: 0CVE-2019-5532 – VMware Security Advisory 2019-0013
https://notcve.org/view.php?id=CVE-2019-5532
18 Sep 2019 — VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine). VMware vCenter Server (versión 6.7.x anterior ... • http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.7EPSS: 1%CPEs: 44EXPL: 0CVE-2019-5534 – VMware Security Advisory 2019-0013
https://notcve.org/view.php?id=CVE-2019-5534
18 Sep 2019 — VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. A malicious actor with access to query the vAppConfig properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine). VMware vCenter Server (versi... • http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-4943
https://notcve.org/view.php?id=CVE-2017-4943
20 Dec 2017 — VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS. VMware vCenter Server Appliance (vCSA) (6.5 anteriores a 6.5 U1d) contiene una vulnerabilidad de escalado de privilegios locales mediante el plugin showlog. La explotación exitosa de esta vulnerabilidad podría resultar en que un usuario poc... • http://www.securitytracker.com/id/1040026 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2017-4927
https://notcve.org/view.php?id=CVE-2017-4927
17 Nov 2017 — VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service. VMware vCenter Server (en versiones 6.5 anteriores a la 6.5 U1 y versiones 6.0 anteriores a la 6.0 U3c) no gestiona correctamente paquetes de red LDAP especialmente manipulados, lo que puede permitir que se provoque una denegación de servicio de forma remota. • http://www.securityfocus.com/bid/101786 • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2017-4928
https://notcve.org/view.php?id=CVE-2017-4928
17 Nov 2017 — The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure. vSphere Web Client basado en flash(en versiones 6.0 anteriores a la 6.0 U3c y versiones 5.5 anteriores a la 5.5 U3f), es decir, no el nuevo vSphere Client bas... • http://www.securityfocus.com/bid/101785 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-4926
https://notcve.org/view.php?id=CVE-2017-4926
15 Sep 2017 — VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page. VMware vCenter Server (en versiones 6.5 anteriores a la 6.5 U1) contiene una vulnerabilidad que podría permitir ataques de Cross-Site Scripting (XSS) persistente. Un atacante con privilegios de usuario VC puede inyectar códigos JavaScript maliciosos, que se ... • http://www.securityfocus.com/bid/100844 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-4921
https://notcve.org/view.php?id=CVE-2017-4921
01 Aug 2017 — VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation. VMware vCenter Server en su versión 6.5 anterior a la 6.5 U1 tiene un problema de carga insegura de librerías que ocurre porque se utiliza la variable LD_LIBRARY_PATH de una manera no segura. Si se explota con éxi... • http://www.securityfocus.com/bid/100006 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-4922
https://notcve.org/view.php?id=CVE-2017-4922
01 Aug 2017 — VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted. VMware vCenter Server en su versión 6.5 anterior a la 6.5 U1 tiene un problema de fuga de información puesto que el script de inicio del servicio utiliza directorios mod... • http://www.securityfocus.com/bid/100012 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-4923
https://notcve.org/view.php?id=CVE-2017-4923
01 Aug 2017 — VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature. VMware vCenter Server en su versión 6.5 anterior a la 6.5 U1 contiene una vulnerabilidad de fuga de información. Esta vulnerabilidad permite que se obtengan credenciales en texto plano cuando se utiliza la función de copia de seguridad de archivos de vCenter Server Appliance. • http://www.securityfocus.com/bid/99997 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2017-4919
https://notcve.org/view.php?id=CVE-2017-4919
28 Jul 2017 — VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate. VMware vCenter Server versiones 5.5, 6.0, 6.5, permite a los usuarios de vSphere con ciertos privilegios de vSphere limitados usar la API VIX para acceder a los Sistemas Operativos Invitados sin la necesidad de autenticarse. • http://www.securityfocus.com/bid/100102 • CWE-306: Missing Authentication for Critical Function •