What is the severity of CVE-2019-5531?

CVE-2019-5531 is classified as a high severity information disclosure vulnerability.

How do I fix CVE-2019-5531?

To fix CVE-2019-5531, you should upgrade to the patched versions of VMware ESXi or vCenter Server as mentioned in the advisory.

What versions are affected by CVE-2019-5531?

CVE-2019-5531 affects VMware ESXi 6.7, 6.5, and 6.0, as well as VMware vCenter Server 6.7, 6.5, and 6.0 prior to their respective updates.

Is CVE-2019-5531 remote exploit enabled?

CVE-2019-5531 does not allow for remote exploits but does permit information disclosure.

What types of data could be exposed due to CVE-2019-5531?

CVE-2019-5531 may enable unauthorized users to gain access to sensitive information from affected VMware products.

Vulnerability/
CVE-2019-5531

medium

5.8

CWE

613

18/9/2019

4/8/2024

CVE-2019-5531

First published: Wed Sep 18 2019(Updated: )

VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user’s browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out.

Credit: security@vmware.com

Affected Software	Affected Version	How to fix
VMware ESXi	=6.7-670-201811001
VMware ESXi	=6.7
VMware ESXi	=6.7-update_1
VMware ESXi	=6.5-a
VMware ESXi	=6.5-u2
VMware ESXi	=6.5
VMware ESXi	=6.5-650-201810002
VMware ESXi	=6.5-650-201811001
VMware ESXi	=6.5-650-201811002
VMware ESXi	=6.5-650-201901001
VMware ESXi	=6.5-650-201903001
VMware ESXi	=6.5-650-201905001
VMware ESXi	=6.5-update_1
VMware ESXi	=6.0
VMware ESXi	=6.0-600-201810001
VMware ESXi	=6.0-600-201811001
VMware ESXi	=6.0-600-201903001
VMware ESXi	=6.0-600-201905001
VMware ESXi	=6.0-beta
VMware ESXi	=6.0-u1a
VMware ESXi	=6.0-u1b
VMware ESXi	=6.0-u3a
VMware ESXi	=6.0-update_2
VMware ESXi	=6.0-update_3
VMware vCenter	=6.0
VMware vCenter	=6.0-a
VMware vCenter	=6.0-b
VMware vCenter	=6.0-u1
VMware vCenter	=6.0-u1b
VMware vCenter	=6.0-u3
VMware vCenter	=6.0-update2
VMware vCenter	=6.0-update2a
VMware vCenter	=6.0-update2m
VMware vCenter	=6.0-update3a
VMware vCenter	=6.0-update3b
VMware vCenter	=6.0-update3c
VMware vCenter	=6.0-update3d
VMware vCenter	=6.0-update3e
VMware vCenter	=6.0-update3f
VMware vCenter	=6.0-update3g
VMware vCenter	=6.0-update3h
VMware vCenter	=6.0-update3i
VMware vCenter	=6.7
VMware vCenter	=6.7-a
VMware vCenter	=6.7-b
VMware vCenter	=6.7-c
VMware vCenter	=6.7-d
VMware vCenter	=6.7-update1
VMware vCenter	=6.7-update1b
VMware vCenter	=6.7-update2
VMware vCenter	=6.7-update2a
VMware vCenter	=6.7-update2c
VMware vCenter	=6.5
VMware vCenter	=6.5-a
VMware vCenter	=6.5-b
VMware vCenter	=6.5-c
VMware vCenter	=6.5-d
VMware vCenter	=6.5-update1
VMware vCenter	=6.5-update1b
VMware vCenter	=6.5-update1c
VMware vCenter	=6.5-update1d
VMware vCenter	=6.5-update1e
VMware vCenter	=6.5-update1g
VMware vCenter	=6.5-update2
VMware vCenter	=6.5-update2b
VMware vCenter	=6.5-update2c
VMware vCenter	=6.5-update2d
VMware vCenter	=6.5-update2g

Never miss a vulnerability like this again

Reference Links

http://www.vmware.com/security/advisories/VMSA-2019-0013.html

Frequently Asked Questions

What is the severity of CVE-2019-5531?
CVE-2019-5531 is classified as a high severity information disclosure vulnerability.
How do I fix CVE-2019-5531?
To fix CVE-2019-5531, you should upgrade to the patched versions of VMware ESXi or vCenter Server as mentioned in the advisory.
What versions are affected by CVE-2019-5531?
CVE-2019-5531 affects VMware ESXi 6.7, 6.5, and 6.0, as well as VMware vCenter Server 6.7, 6.5, and 6.0 prior to their respective updates.
Is CVE-2019-5531 remote exploit enabled?
CVE-2019-5531 does not allow for remote exploits but does permit information disclosure.
What types of data could be exposed due to CVE-2019-5531?
CVE-2019-5531 may enable unauthorized users to gain access to sensitive information from affected VMware products.

agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/last-modified-date
agent/author
agent/weakness
agent/description
agent/event
agent/first-publish-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/vmware
canonical/vmware esxi
version/vmware esxi/6.7-670-201811001
version/vmware esxi/6.7
version/vmware esxi/6.7-update_1
version/vmware esxi/6.5-a
version/vmware esxi/6.5-u2
version/vmware esxi/6.5
version/vmware esxi/6.5-650-201810002
version/vmware esxi/6.5-650-201811001
version/vmware esxi/6.5-650-201811002
version/vmware esxi/6.5-650-201901001
version/vmware esxi/6.5-650-201903001
version/vmware esxi/6.5-650-201905001
version/vmware esxi/6.5-update_1
version/vmware esxi/6.0
version/vmware esxi/6.0-600-201810001
version/vmware esxi/6.0-600-201811001
version/vmware esxi/6.0-600-201903001
version/vmware esxi/6.0-600-201905001
version/vmware esxi/6.0-beta
version/vmware esxi/6.0-u1a
version/vmware esxi/6.0-u1b
version/vmware esxi/6.0-u3a
version/vmware esxi/6.0-update_2
version/vmware esxi/6.0-update_3
canonical/vmware vcenter
version/vmware vcenter/6.0
version/vmware vcenter/6.0-a
version/vmware vcenter/6.0-b
version/vmware vcenter/6.0-u1
version/vmware vcenter/6.0-u1b
version/vmware vcenter/6.0-u3
version/vmware vcenter/6.0-update2
version/vmware vcenter/6.0-update2a
version/vmware vcenter/6.0-update2m
version/vmware vcenter/6.0-update3a
version/vmware vcenter/6.0-update3b
version/vmware vcenter/6.0-update3c
version/vmware vcenter/6.0-update3d
version/vmware vcenter/6.0-update3e
version/vmware vcenter/6.0-update3f
version/vmware vcenter/6.0-update3g
version/vmware vcenter/6.0-update3h
version/vmware vcenter/6.0-update3i
version/vmware vcenter/6.7
version/vmware vcenter/6.7-a
version/vmware vcenter/6.7-b
version/vmware vcenter/6.7-c
version/vmware vcenter/6.7-d
version/vmware vcenter/6.7-update1
version/vmware vcenter/6.7-update1b
version/vmware vcenter/6.7-update2
version/vmware vcenter/6.7-update2a
version/vmware vcenter/6.7-update2c
version/vmware vcenter/6.5
version/vmware vcenter/6.5-a
version/vmware vcenter/6.5-b
version/vmware vcenter/6.5-c
version/vmware vcenter/6.5-d
version/vmware vcenter/6.5-update1
version/vmware vcenter/6.5-update1b
version/vmware vcenter/6.5-update1c
version/vmware vcenter/6.5-update1d
version/vmware vcenter/6.5-update1e
version/vmware vcenter/6.5-update1g
version/vmware vcenter/6.5-update2
version/vmware vcenter/6.5-update2b
version/vmware vcenter/6.5-update2c
version/vmware vcenter/6.5-update2d
version/vmware vcenter/6.5-update2g