ASA-2019-00560 – VMware vCenter Server: Information disclosure vulnerability


Allele Security Alert

ASA-2019-00560

Identifier(s)

ASA-2019-00560, CVE-2019-5532, VMSA-2019-0013

Title

Information disclosure vulnerability

Vendor(s)

VMware

Product(s)

VMware vCenter Server

Affected version(s)

VMware vCenter Server 6.7 versions before 6.7 U3
VMware vCenter Server 6.5 versions before 6.5 U3
VMware vCenter Server 6.0 versions before 6.0 U3j

Fixed version(s)

VMware vCenter Server 6.7 version 6.7 U3
VMware vCenter Server 6.5 version 6.5 U3
VMware vCenter Server 6.0 version 6.0 U3j

Proof of concept

Unknown

Description

VMware vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF.

Technical details

Unknown

Credits

Ola Beyioku

Reference(s)

VMSA-2019-0013.1
https://www.vmware.com/security/advisories/VMSA-2019-0013.html

CVE-2019-5532
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5532

CVE-2019-5532
https://nvd.nist.gov/vuln/detail/CVE-2019-5532

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: October 21, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.