CVE-2017-4922: Infoleak
First published: Tue Aug 01 2017(Updated: )
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware vCenter | =6.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-4922?
CVE-2017-4922 is classified as a medium severity vulnerability.
How do I fix CVE-2017-4922?
To fix CVE-2017-4922, upgrade VMware vCenter Server to version 6.5 U1 or later.
What type of vulnerability is CVE-2017-4922?
CVE-2017-4922 is an information disclosure vulnerability.
Who is affected by CVE-2017-4922?
CVE-2017-4922 affects VMware vCenter Server 6.5 prior to 6.5 U1.
What can attackers gain from exploiting CVE-2017-4922?
Successful exploitation of CVE-2017-4922 may allow unprivileged host users to access critical information.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/vmware
- canonical/vmware vcenter
- version/vmware vcenter/6.5