Free Trial

VMware ESXi and vCenter updates address multiple vulnerabilities

http://annedickson.co.uk/talking-points/the-price-women-pay/?moderation-hash=efd0f87e4f52a50665c0c47fb92f73d9 Overview :
VMware vSphere ESXi (6.7 prior to ESXi670-201904101-SG, 6.5 prior to ESXi650-201907101-SG, 6.0 prior to ESXi600-201909001) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user’s browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out.
buy Neurontin overnight delivery Affected Product(s) :
  • VMware vSphere ESXi (ESXi)
  • VMware vCenter Server (vCenter)
Vulnerability Details :
CVE ID : CVE-2019-5534
VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.7.
Virtual Machines deployed from an OVF could expose login information via the virtual machine’s vAppConfig properties.
CVE ID : CVE-2019-5532
VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.7.
VMware vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF.
CVE ID : CVE-2019-5531
VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.2.
An information disclosure vulnerability in clients arising from insufficient session expiration.

Solution : update/upgrade to the latest versions listed in the site.

 

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-6121 : NI SYSTEMLINK SERVER/FLEXLOGGER REDIS VULNERABLE THIRD-PARTY COMPONENT

CVE-2024-6121 : NI SYSTEMLINK SERVER/FLEXLOGGER REDIS VULNERABLE THIRD-PARTY COMPONENT

Description An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. This affects

Learn more
CVE-2024-40634 : ARGOPROJ ARGO-CD UP TO 2.9.19/2.10.14/2.11.5 /API/WEBHOOK RESOURCE CONSUMPTION

CVE-2024-40634 : ARGOPROJ ARGO-CD UP TO 2.9.19/2.10.14/2.11.5 /API/WEBHOOK RESOURCE CONSUMPTION

Description Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This report details a security vulnerability in Argo

Learn more
CVE-2024-39685 : FISHAUDIO BERT-VITS2 UP TO 2.3 RESAMPLE DATA_DIR OS COMMAND INJECTION

CVE-2024-39685 : FISHAUDIO BERT-VITS2 UP TO 2.3 RESAMPLE DATA_DIR OS COMMAND INJECTION

Description Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in

Learn more