CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-5537

Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.2%

CVSS Severity

CVSS v3 Score 5.9

CVSS v2 Score 4.3

References

https://www.vmware.com/security/advisories/VMSA-2019-0018.html
https://www.vmware.com/security/advisories/VMSA-2019-0018.html

Products affected by CVE-2019-5537

Vmware » Vcenter Server » Version: 6.5

cpe:2.3:a:vmware:vcenter_server:6.5
Vmware » Vcenter Server » Version: 6.7

cpe:2.3:a:vmware:vcenter_server:6.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-5537

Products

Pricing

Contact Us