CVE-2019-5537

Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations.

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.vmware.com/security/advisories/VMSA-2019-0018.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:vcenter_server:6.5:-::::::
	cpe:2.3:a:vmware:vcenter_server:6.5:a::::::
	cpe:2.3:a:vmware:vcenter_server:6.5:b::::::
	cpe:2.3:a:vmware:vcenter_server:6.5:c::::::
	cpe:2.3:a:vmware:vcenter_server:6.5:d::::::
	cpe:2.3:a:vmware:vcenter_server:6.5:e::::::
	cpe:2.3:a:vmware:vcenter_server:6.5:f::::::
	cpe:2.3:a:vmware:vcenter_server:6.5:update1::::::
	cpe:2.3:a:vmware:vcenter_server:6.5:update1b::::::
	cpe:2.3:a:vmware:vcenter_server:6.5:update1c::::::
	cpe:2.3:a:vmware:vcenter_server:6.5:update1d::::::
	cpe:2.3:a:vmware:vcenter_server:6.5:update1e::::::
	cpe:2.3:a:vmware:vcenter_server:6.5:update1g::::::
	cpe:2.3:a:vmware:vcenter_server:6.5:update2::::::
	cpe:2.3:a:vmware:vcenter_server:6.5:update2b::::::
	cpe:2.3:a:vmware:vcenter_server:6.5:update2c::::::
	cpe:2.3:a:vmware:vcenter_server:6.5:update2d::::::
	cpe:2.3:a:vmware:vcenter_server:6.5:update2g::::::
	cpe:2.3:a:vmware:vcenter_server:6.5:update3::::::
	cpe:2.3:a:vmware:vcenter_server:6.7:-::::::
	cpe:2.3:a:vmware:vcenter_server:6.7:a::::::
	cpe:2.3:a:vmware:vcenter_server:6.7:b::::::
	cpe:2.3:a:vmware:vcenter_server:6.7:d::::::
	cpe:2.3:a:vmware:vcenter_server:6.7:update1::::::
	cpe:2.3:a:vmware:vcenter_server:6.7:update1b::::::
	cpe:2.3:a:vmware:vcenter_server:6.7:update2::::::
	cpe:2.3:a:vmware:vcenter_server:6.7:update2a::::::
	cpe:2.3:a:vmware:vcenter_server:6.7:update2c::::::
	cpe:2.3:a:vmware:vcenter_server:6.7:update3::::::

History

24 Aug 2021, 10:59

Type	Values Removed	Values Added
CPE	cpe:2.3:a:vmware:vcenter_server:6.7:u1:::::: cpe:2.3:a:vmware:vcenter_server:6.7:u1b:::::: cpe:2.3:a:vmware:vcenter_server:6.5:u2b:::::: cpe:2.3:a:vmware:vcenter_server:6.5:u2c:::::: cpe:2.3:a:vmware:vcenter_server:6.5:u2:::::: cpe:2.3:a:vmware:vcenter_server:6.5:u3:::::: cpe:2.3:a:vmware:vcenter_server:6.5:u1e:::::: cpe:2.3:a:vmware:vcenter_server:6.5:u1b:::::: cpe:2.3:a:vmware:vcenter_server:6.5:u1c:::::: cpe:2.3:a:vmware:vcenter_server:6.7:u2:::::: cpe:2.3:a:vmware:vcenter_server:6.7:u2a:::::: cpe:2.3:a:vmware:vcenter_server:6.7:u3:::::: cpe:2.3:a:vmware:vcenter_server:6.5:u1g:::::: cpe:2.3:a:vmware:vcenter_server:6.5:u1d:::::: cpe:2.3:a:vmware:vcenter_server:6.5:u1:::::: cpe:2.3:a:vmware:vcenter_server:6.5:u2d:::::: cpe:2.3:a:vmware:vcenter_server:6.5:u2g:::::: cpe:2.3:a:vmware:vcenter_server:6.7:u2c::::::	cpe:2.3:a:vmware:vcenter_server:6.5:update1c:::::: cpe:2.3:a:vmware:vcenter_server:6.7:update2c:::::: cpe:2.3:a:vmware:vcenter_server:6.7:update2a:::::: cpe:2.3:a:vmware:vcenter_server:6.5:update1b:::::: cpe:2.3:a:vmware:vcenter_server:6.5:update2b:::::: cpe:2.3:a:vmware:vcenter_server:6.5:update2d:::::: cpe:2.3:a:vmware:vcenter_server:6.5:update1e:::::: cpe:2.3:a:vmware:vcenter_server:6.5:update1g:::::: cpe:2.3:a:vmware:vcenter_server:6.5:update3:::::: cpe:2.3:a:vmware:vcenter_server:6.5:update2g:::::: cpe:2.3:a:vmware:vcenter_server:6.5:update1d:::::: cpe:2.3:a:vmware:vcenter_server:6.5:update1:::::: cpe:2.3:a:vmware:vcenter_server:6.5:update2:::::: cpe:2.3:a:vmware:vcenter_server:6.7:update1b:::::: cpe:2.3:a:vmware:vcenter_server:6.7:update2:::::: cpe:2.3:a:vmware:vcenter_server:6.7:update3:::::: cpe:2.3:a:vmware:vcenter_server:6.7:update1:::::: cpe:2.3:a:vmware:vcenter_server:6.5:update2c::::::

Information

Published : 2019-10-28 16:15

Updated : 2024-02-04 20:39

NVD link : CVE-2019-5537

Mitre link : CVE-2019-5537

CVE.ORG link : CVE-2019-5537

JSON object : View

Products Affected

vmware

vcenter_server

CWE

CWE-295

Improper Certificate Validation

5.9 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2019-5537

5.9^/10

4.3^/10

Attach tags to `CVE-2019-5537`