CVE-2019-5531

VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a users browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
vmwareCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
vmwareesxi
6.7:670-201811001
vmwarevsphere_esxi
6.7
vmwarevsphere_esxi
6.7:update_1
vmwarevsphere_esxi
6.5:a
vmwarevsphere_esxi
6.5:u2
vmwarevsphere_esxi
6.5
vmwarevsphere_esxi
6.5:650-201810002
vmwarevsphere_esxi
6.5:650-201811001
vmwarevsphere_esxi
6.5:650-201811002
vmwarevsphere_esxi
6.5:650-201901001
vmwarevsphere_esxi
6.5:650-201903001
vmwarevsphere_esxi
6.5:650-201905001
vmwarevsphere_esxi
6.5:update_1
vmwarevsphere_esxi
6.0
vmwarevsphere_esxi
6.0:600-201810001
vmwarevsphere_esxi
6.0:600-201811001
vmwarevsphere_esxi
6.0:600-201903001
vmwarevsphere_esxi
6.0:600-201905001
vmwarevsphere_esxi
6.0:beta
vmwarevsphere_esxi
6.0:u1a
vmwarevsphere_esxi
6.0:u1b
vmwarevsphere_esxi
6.0:u3a
vmwarevsphere_esxi
6.0:update_2
vmwarevsphere_esxi
6.0:update_3
vmwarevcenter_server
6.0
vmwarevcenter_server
6.0:a
vmwarevcenter_server
6.0:b
vmwarevcenter_server
6.0:u1
vmwarevcenter_server
6.0:u1b
vmwarevcenter_server
6.0:u3
vmwarevcenter_server
6.0:update2
vmwarevcenter_server
6.0:update2a
vmwarevcenter_server
6.0:update2m
vmwarevcenter_server
6.0:update3a
vmwarevcenter_server
6.0:update3b
vmwarevcenter_server
6.0:update3c
vmwarevcenter_server
6.0:update3d
vmwarevcenter_server
6.0:update3e
vmwarevcenter_server
6.0:update3f
vmwarevcenter_server
6.0:update3g
vmwarevcenter_server
6.0:update3h
vmwarevcenter_server
6.0:update3i
vmwarevcenter_server
6.7
vmwarevcenter_server
6.7:a
vmwarevcenter_server
6.7:b
vmwarevcenter_server
6.7:c
vmwarevcenter_server
6.7:d
vmwarevcenter_server
6.7:update1
vmwarevcenter_server
6.7:update1b
vmwarevcenter_server
6.7:update2
vmwarevcenter_server
6.7:update2a
vmwarevcenter_server
6.7:update2c
vmwarevcenter_server
6.5
vmwarevcenter_server
6.5:a
vmwarevcenter_server
6.5:b
vmwarevcenter_server
6.5:c
vmwarevcenter_server
6.5:d
vmwarevcenter_server
6.5:update1
vmwarevcenter_server
6.5:update1b
vmwarevcenter_server
6.5:update1c
vmwarevcenter_server
6.5:update1d
vmwarevcenter_server
6.5:update1e
vmwarevcenter_server
6.5:update1g
vmwarevcenter_server
6.5:update2
vmwarevcenter_server
6.5:update2b
vmwarevcenter_server
6.5:update2c
vmwarevcenter_server
6.5:update2d
vmwarevcenter_server
6.5:update2g
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.vmware.com/security/advisories/VMSA-2019-0013.html
http://www.vmware.com/security/advisories/VMSA-2019-0013.html