Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties.
Tag: VMSA-2019-0013
ASA-2019-00560 – VMware vCenter Server: Information disclosure vulnerability
VMware vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF.
ASA-2019-00559 – VMware ESXi and VMware vCenter: Information disclosure vulnerability
An information disclosure vulnerability exists in clients, arising from insufficient session expiration. An attacker with physical access or an ability to mimic a WebSocket connection to a user's browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out.
ASA-2019-00558 – VMware vSphere ESXi: BusyBox command injection vulnerability
ESXi contains a command injection vulnerability due to the use of a vulnerable version of BusyBox that does not sanitize filenames, which may result in the execution of any escape sequence in the shell.