CVE-2017-4923 — Sensitive Information Exposure in Vmware Vcenter Server

CWE-200 — Sensitive Information Exposure CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.8%

top 25.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Vcenter Server

Timeline

PublishedAug 1

Latest updateMay 13

Description

VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDvmware/vcenter_server6.5

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-29qx-3374-gqm9: VMware vCenter Server (6↗2022-05-13

▶

CVEList

CVE-2017-4923: VMware vCenter Server (6↗2017-08-01

▶