Kaspersky LabKLA10665KLA10665 Obtain sensitive information vulnerability in VMware vCenter Server
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
29.4%
Improper certificate validation was found in VMware vCenter Server. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a traffic interception.
Technical details
This vulnerability can be exploited when vCenter Server binding to LDAP server via TLS.
Original advisories
Related products
CVE list
CVE-2015-6932 high
Solution
Update to the latest version
Impacts
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Affected Products
- VMware vCenter Server 6.0 versions earlier than 6.0 update 1VMware vCenter Server 5.5Β versions earlier than 5.5Β updateΒ 3
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
29.4%