CVE-2023-34056

CWE-9224 documents4 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 58.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Vmware Vcenter Server Vmware Vcenter Server Vmware Vmware Cloud Foundation (vmware Vcenter Server)

Timeline

PublishedOct 25

Description

vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5vmware/vmware_vcenter_server8.0 — 8.0U2+1

▶NVDvmware/vcenter_server4.0 — 5.5+2

▶CVEListV5vmware/vmware_cloud_foundation_(vmware_vcenter_server)4.x, 5.x+1

🔴Vulnerability Details

GHSA

GHSA-6cr3-pfhw-g3c7: vCenter Server contains a partial information disclosure vulnerability↗2023-10-25

▶

CVEList

VMware vCenter Server Partial Information Disclosure Vulnerability↗2023-10-25

▶

📋Vendor Advisories

VMware

VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities (CVE-2023-34048, CVE-2023-34056)↗2023-10-25

▶