Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations.
References
| Link | Resource |
|---|---|
| https://www.vmware.com/security/advisories/VMSA-2019-0018.html | Vendor Advisory |
| https://www.vmware.com/security/advisories/VMSA-2019-0018.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:45
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.vmware.com/security/advisories/VMSA-2019-0018.html - Vendor Advisory |
24 Aug 2021, 10:59
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:vmware:vcenter_server:6.7:u1b:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.5:u2b:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.5:u2c:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.5:u2:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.5:u3:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.5:u1e:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.5:u1b:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.5:u1c:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.7:u2:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.7:u2a:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.7:u3:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.5:u1g:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.5:u1d:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.5:u1:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.5:u2d:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.5:u2g:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.7:u2c:*:*:*:*:*:* |
cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:* |
Information
Published : 2019-10-28 16:15
Updated : 2024-11-21 04:45
NVD link : CVE-2019-5537
Mitre link : CVE-2019-5537
CVE.ORG link : CVE-2019-5537
JSON object : View
Products Affected
vmware
- vcenter_server
CWE
CWE-295
Improper Certificate Validation