CVE-2015-6932Vmware Vcenter Server vulnerability

CWE-3103 documents3 sources
Severity
5.8MEDIUMNVD
EPSS
0.2%
top 61.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vmware Vcenter Server
Timeline
PublishedSep 18
Latest updateMay 13

Description

VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

NVDvmware/vcenter_server5.5, 6.0+1

🔴Vulnerability Details

2
GHSA
GHSA-g328-m8jq-63j6: VMware vCenter Server 52022-05-13
CVEList
CVE-2015-6932: VMware vCenter Server 52015-09-18
CVE-2015-6932 — Vmware Vcenter Server vulnerability | cvebase