CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6.5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.005 Low
Percentile: 76.6%

3a. VMware ESXi ‘busybox’ command injection vulnerability - CVE-2017-16544
ESXi contains a command injection vulnerability due to the use of a vulnerable version of busybox that does not sanitize filenames, which may result in the execution of any escape sequence in the shell. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.7.
3b. ESXi Host Client, vCenter vSphere Client and vCenter vSphere Web Client information disclosure vulnerability - CVE-2019-5531
An information disclosure vulnerability in clients arising from insufficient session expiration. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.2.
3c. VMware vCenter Server information disclosure vulnerability - CVE-2019-5532
VMware vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.7.
3d. Information disclosure vulnerability in vAppConfig properties - CVE-2019-5534
Virtual Machines deployed from an OVF could expose login information via the virtual machine’s vAppConfig properties. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.7.