CVE-2019-5538 — Improper Certificate Validation in VMware vCenter Server
Severity
5.9 MEDIUM (NVD)
EPSS
0.1%
top 70.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 28
Latest update: May 24
Description
Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore opera…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 | Impact: 3.6
Affected Packages: 1 package
🔴 Vulnerability Details (2)
GHSA
GHSA-pg6p-7jwx-86vp: Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of | 2022-05-24
CVEList
CVE-2019-5538: Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of | 2019-10-28
📋 Vendor Advisories (1)
VMware
VMware vCenter Server Appliance updates address sensitive information disclosure vulnerability in backup and restore functions (CVE-2019-5537, CVE-2019-5538) | 2019-10-24