CVE-2019-5532

Summary

VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine).

Affected Software

VendorProductVersion RangeStatus
VMwarevCenter Server6.7 prior to 6.7 U3affected
VMwarevCenter Server6.5 prior to 6.5 U3affected
VMwarevCenter Server6.0 prior to 6.0 U3jaffected

Weaknesses

  • Information disclosure vulnerability

ADP Enrichment

CVE Program Container

Additional References

References