Man-in-the-Middle (MitM)

2023-09-0504:39:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

man-in-the-middle

open-vm-tools

saml token

vmware tools

guest operations

esxi host

0.001 Low

EPSS

Percentile

44.7%

JSON

open-vm-tools is vulnerable to Man-in-the-Middle (MitM) attacks. This vulnerability can be exploited by an attacker with man-in-the-middle (MITM) network positioning between vCenter and the ESXi host hosting the virtual machine to bypass SAML token signature verification, to perform VMware Tools Guest Operations.

CPENameOperatorVersion
open-vm-tools:3.18eq12.2.5-r0
open-vm-tools:3.18eq12.2.0-r0
open-vm-tools:edgeeq12.0.0-r0
open-vm-tools:edgeeq11.3.5-r0
open-vm-tools:edgeeq12.0.5-r1
open-vm-tools:edgeeq11.0.5-r0
open-vm-tools:edgeeq11.2.5-r1
open-vm-tools:edgeeq12.2.0-r0
open-vm-tools:edgeeq12.1.0-r0
open-vm-tools:edgeeq12.2.5-r1

Name	Operator	Version
open-vm-tools:3.18	eq	12.2.5-r0
open-vm-tools:3.18	eq	12.2.0-r0
open-vm-tools:edge	eq	12.0.0-r0
open-vm-tools:edge	eq	11.3.5-r0
open-vm-tools:edge	eq	12.0.5-r1
open-vm-tools:edge	eq	11.0.5-r0
open-vm-tools:edge	eq	11.2.5-r1
open-vm-tools:edge	eq	12.2.0-r0
open-vm-tools:edge	eq	12.1.0-r0
open-vm-tools:edge	eq	12.2.5-r1