Information Disclosure Vulnerability in VMware vSphere ESXi and vCenter Server
CVE-2019-5531

5.4MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Vsphere Esxi; Vmware Vcenter Server
Vendor: CVE Published:; 18 September 2019

What is CVE-2019-5531?

VMware vSphere ESXi and vCenter Server contain an information disclosure vulnerability caused by insufficient session expiration. This flaw can allow an attacker with physical access or the capability to mimic a websocket connection to a user’s browser to gain control of a VM Console after the user has logged out or their session has timed out. This necessitates swift updates to mitigate potential unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

VMware vCenter Server 6.7 prior to 6.7 U1b

VMware vCenter Server 6.5 prior to 6.5 U2b

VMware vCenter Server 6.0 prior to 6.0 U3j

References

http://www.vmware.com/security/advisories/VMSA-2019-0013....

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 18, 2019
Vulnerability Reserved
Jan 7, 2019

JSON

Vmware