CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-5514

VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.021

EPSS Ranking 83.4%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html
http://www.securityfocus.com/bid/107637
https://www.vmware.com/security/advisories/VMSA-2019-0005.html
http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html
http://www.securityfocus.com/bid/107637
https://www.vmware.com/security/advisories/VMSA-2019-0005.html

Products affected by CVE-2019-5514

Vmware » Fusion » Version: 11.0.0

cpe:2.3:a:vmware:fusion:11.0.0
Vmware » Fusion » Version: 11.0.1

cpe:2.3:a:vmware:fusion:11.0.1
Vmware » Fusion » Version: 11.0.2

cpe:2.3:a:vmware:fusion:11.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-5514

Products

Pricing

Contact Us