Information Disclosure Vulnerability in VMware vSphere ESXi and vCenter Server
CVE-2019-5531
5.4 MEDIUM
Key Information:
- Vendor: VMware
- CVE Published: 18 September 2019
What is CVE-2019-5531?
VMware vSphere ESXi and vCenter Server contain an information disclosure vulnerability caused by insufficient session expiration. An attacker with physical access, or with the ability to mimic a WebSocket connection to a user's browser, may be able to gain control of a VM Console after the user has logged out or their session has timed out. Affected systems should be updated promptly to mitigate potential unauthorized access.
Affected Version(s)
VMware vCenter Server 6.7 prior to 6.7 U1b
VMware vCenter Server 6.5 prior to 6.5 U2b
VMware vCenter Server 6.0 prior to 6.0 U3j