A vulnerability exists in the properties of the vAppConfig component of the VMware vCenter Server management tool, which allows an attacker to access user credentials.

The vulnerability in the vAppConfig properties of the VMware vCenter Server management tool is related to insufficient protection for registration data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to user registration data...

CVE-2019-5534

VMware vCenter Server 6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. A malicious actor with access to...

CVE-2019-5534

Summary (CVE-2019-5534): VMware vCenter Server and related ESXi/Vsphere components are affected by an information-disclosure issue in OVF deployments, where vAppConfig properties can reveal credentials (typically root) used to deploy the OVF. A malicious actor with access to query these vAppConfi...

VMware ESXi and vCenter Server updates address command injection and information disclosure vulnerabilities. (CVE-2017-16544, CVE-2019-5531, CVE-2019-5532, CVE-2019-5534)

3a. VMware ESXi 'busybox' command injection vulnerability- CVE-2017-16544 ESXi contains a command injection vulnerability due to the use of vulnerable version of busybox that does not sanitize filenames which may result into executing any escape sequence in the shell. VMware has evaluated the...