CVE-2019-5531
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user’s browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out.
VMware vSphere ESXi (6.7 anterior a la versión ESXi670-201810101-SG, 6.5 anterior a la versión ESXi650-201811102-SG y 6.0 anterior a la verisón ESXi600-201807103-SG) y VMware vCenter Server (6.7 anterior a 6.7 U1b, 6.5 anterior de 6.5 U2b, y 6.0 anterior a 6.0 U3j) contiene una vulnerabilidad de divulgación de información en clientes que surge de una caducidad de sesión insuficiente. Un atacante con acceso físico o la capacidad de imitar una conexión websocket al navegador de un usuario puede obtener el control de una consola VM después de que el usuario haya cerrado sesión o su sesión haya caducado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-07 CVE Reserved
- 2019-09-18 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-613: Insufficient Session Expiration
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
http://www.vmware.com/security/advisories/VMSA-2019-0013.html | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.7 Search vendor "Vmware" for product "Esxi" and version "6.7" | 670-201811001 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.7 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.7" | - |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.7 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.7" | update_1 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | a |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | u2 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | - |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201810002 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201811001 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201811002 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201901001 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201903001 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201905001 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | update_1 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.0 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.0" | - |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.0 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.0" | 600-201810001 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.0 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.0" | 600-201811001 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.0 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.0" | 600-201903001 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.0 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.0" | 600-201905001 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.0 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.0" | beta |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.0 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.0" | u1a |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.0 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.0" | u1b |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.0 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.0" | u3a |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.0 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.0" | update_2 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.0 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.0" | update_3 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | - |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | a |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | b |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | u1 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | u1b |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | u3 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update2 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update2a |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update2m |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update3a |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update3b |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update3c |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update3d |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update3e |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update3f |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update3g |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update3h |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update3i |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7" | - |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7" | a |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7" | b |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7" | c |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7" | d |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7" | update1 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7" | update1b |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7" | update2 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7" | update2a |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7" | update2c |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | - |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | a |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | b |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | c |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | d |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | update1 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | update1b |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | update1c |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | update1d |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | update1e |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | update1g |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | update2 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | update2b |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | update2c |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | update2d |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | update2g |
Affected
|