Allele Security Alert
ASA-2019-00561
Identifier(s)
ASA-2019-00561, CVE-2019-5534, VMSA-2019-0013
Title
Information disclosure vulnerability in vAppConfig properties
Vendor(s)
VMware
Product(s)
VMware vCenter Server
Affected version(s)
VMware vCenter Server 6.7 versions before 6.7 U3
VMware vCenter Server 6.5 versions before 6.5 U3
VMware vCenter Server 6.0 versions before 6.0 U3j
Fixed version(s)
VMware vCenter Server 6.7 version 6.7 U3
VMware vCenter Server 6.5 version 6.5 U3
VMware vCenter Server 6.0 version 6.0 U3j
Proof of concept
Unknown
Description
Virtual Machines deployed from an OVF could expose login information via the virtual machine’s vAppConfig properties.
Technical details
Unknown
Credits
Rich Browne (F5 Networks)
Reference(s)
VMSA-2019-0013.1
https://www.vmware.com/security/advisories/VMSA-2019-0013.html
CVE-2019-5534
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5534
CVE-2019-5534
https://nvd.nist.gov/vuln/detail/CVE-2019-5534
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: October 21, 2019