3. VMware vCenter Server Appliance sensitive information disclosure vulnerabilities in File-Based Backup and Restore functions (CVE-2019-5537 and CVE-2019-5538)
Sensitive information disclosure vulnerabilities resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS (CVE-2019-5537) as well as SCP (CVE-2019-5538). VMware has evaluated the severity of these issues to be in the Moderate severity range with a maximum CVSSv3 base score of 6.8.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5537
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5538
kb.vmware.com/s/article/75156
my.vmware.com/web/vmware/details?productId=614&rPId=38398&downloadGroup=ESXI65U3D
my.vmware.com/web/vmware/details?productId=742&rPId=38207&downloadGroup=VC67U3a
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
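The following added example (not VMware code and not taken from the advisory) sketches the kind of pre-transfer check whose absence the description above refers to: a backup client refusing to send data unless the TLS peer certificate (FTPS/HTTPS) or the SSH host key (SCP) is validated. The function names `preflight` and `ssh_fingerprint`, the host `backup.example.test` used when calling it, and the sample keys are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import ssl
from urllib.parse import urlsplit

TLS_SCHEMES = {"https", "ftps"}   # transports named for CVE-2019-5537
SSH_SCHEMES = {"scp"}             # transport named for CVE-2019-5538


def ssh_fingerprint(key_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def preflight(url, tls_ctx=None, pinned_fp=None, presented_key_b64=None):
    """Return a list of reasons the backup transfer must not start."""
    scheme = urlsplit(url).scheme.lower()
    problems = []
    if scheme in TLS_SCHEMES:
        if tls_ctx is None:
            problems.append("no TLS context supplied")
        else:
            if tls_ctx.verify_mode != ssl.CERT_REQUIRED:
                problems.append("server certificate chain is not verified")
            if not tls_ctx.check_hostname:
                problems.append("certificate is not matched to the host name")
    elif scheme in SSH_SCHEMES:
        if not pinned_fp:
            problems.append("no pinned host key fingerprint")
        elif not presented_key_b64 or not hmac.compare_digest(
                ssh_fingerprint(presented_key_b64), pinned_fp):
            problems.append("presented host key does not match the pin")
    else:
        problems.append("unsupported or unencrypted scheme: " + repr(scheme))
    return problems


# Constructed sample values (not real keys or hosts).
KEY_GOOD = base64.b64encode(b"constructed-host-key-A").decode()
KEY_MITM = base64.b64encode(b"constructed-host-key-B").decode()
strict = ssl.create_default_context()   # CERT_REQUIRED plus host name check
lax = ssl.create_default_context()
lax.check_hostname = False              # must be cleared before CERT_NONE
lax.verify_mode = ssl.CERT_NONE         # the unvalidated configuration
```

An empty list from `preflight` means the transfer may proceed; with the `lax` context or a non-matching host key it returns the reasons to abort before any backup data leaves the client.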