CVE-2019-5532
First published: Wed Sep 18 2019(Updated: )
VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine).
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware vCenter Server | =6.0 | |
| VMware vCenter Server | =6.0-a | |
| VMware vCenter Server | =6.0-b | |
| VMware vCenter Server | =6.0-u1 | |
| VMware vCenter Server | =6.0-u1b | |
| VMware vCenter Server | =6.0-u3 | |
| VMware vCenter Server | =6.0-update2 | |
| VMware vCenter Server | =6.0-update2a | |
| VMware vCenter Server | =6.0-update2m | |
| VMware vCenter Server | =6.0-update3a | |
| VMware vCenter Server | =6.0-update3b | |
| VMware vCenter Server | =6.0-update3c | |
| VMware vCenter Server | =6.0-update3d | |
| VMware vCenter Server | =6.0-update3e | |
| VMware vCenter Server | =6.0-update3f | |
| VMware vCenter Server | =6.0-update3g | |
| VMware vCenter Server | =6.0-update3h | |
| VMware vCenter Server | =6.0-update3i | |
| VMware vCenter Server | =6.7 | |
| VMware vCenter Server | =6.7-a | |
| VMware vCenter Server | =6.7-b | |
| VMware vCenter Server | =6.7-c | |
| VMware vCenter Server | =6.7-d | |
| VMware vCenter Server | =6.7-update1 | |
| VMware vCenter Server | =6.7-update1b | |
| VMware vCenter Server | =6.7-update2 | |
| VMware vCenter Server | =6.7-update2a | |
| VMware vCenter Server | =6.7-update2c | |
| VMware vCenter Server | =6.5 | |
| VMware vCenter Server | =6.5-a | |
| VMware vCenter Server | =6.5-b | |
| VMware vCenter Server | =6.5-c | |
| VMware vCenter Server | =6.5-d | |
| VMware vCenter Server | =6.5-update1 | |
| VMware vCenter Server | =6.5-update1b | |
| VMware vCenter Server | =6.5-update1c | |
| VMware vCenter Server | =6.5-update1d | |
| VMware vCenter Server | =6.5-update1e | |
| VMware vCenter Server | =6.5-update1g | |
| VMware vCenter Server | =6.5-update2 | |
| VMware vCenter Server | =6.5-update2b | |
| VMware vCenter Server | =6.5-update2c | |
| VMware vCenter Server | =6.5-update2d | |
| VMware vCenter Server | =6.5-update2g |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-5532?
CVE-2019-5532 is a vulnerability in VMware vCenter Server that allows for information disclosure due to the logging of credentials in plain-text for virtual machines deployed through OVF.
How severe is CVE-2019-5532?
CVE-2019-5532 is considered a high severity vulnerability with a CVSS score of 7.7.
Which versions of VMware vCenter Server are affected by CVE-2019-5532?
Versions 6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3, and 6.0 prior to 6.0 U3j of VMware vCenter Server are affected by CVE-2019-5532.
How can I fix CVE-2019-5532?
To fix CVE-2019-5532, update your VMware vCenter Server to version 6.7 U3, 6.5 U3, or 6.0 U3j.
Where can I find more information about CVE-2019-5532?
More information about CVE-2019-5532 can be found in the following references: [Link 1](http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html), [Link 2](https://www.vmware.com/security/advisories/VMSA-2019-0013.html).
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- vendor/vmware
- canonical/vmware vcenter server
- version/vmware vcenter server/6.0
- version/vmware vcenter server/6.0-a
- version/vmware vcenter server/6.0-b
- version/vmware vcenter server/6.0-u1
- version/vmware vcenter server/6.0-u1b
- version/vmware vcenter server/6.0-u3
- version/vmware vcenter server/6.0-update2
- version/vmware vcenter server/6.0-update2a
- version/vmware vcenter server/6.0-update2m
- version/vmware vcenter server/6.0-update3a
- version/vmware vcenter server/6.0-update3b
- version/vmware vcenter server/6.0-update3c
- version/vmware vcenter server/6.0-update3d
- version/vmware vcenter server/6.0-update3e
- version/vmware vcenter server/6.0-update3f
- version/vmware vcenter server/6.0-update3g
- version/vmware vcenter server/6.0-update3h
- version/vmware vcenter server/6.0-update3i
- version/vmware vcenter server/6.7
- version/vmware vcenter server/6.7-a
- version/vmware vcenter server/6.7-b
- version/vmware vcenter server/6.7-c
- version/vmware vcenter server/6.7-d
- version/vmware vcenter server/6.7-update1
- version/vmware vcenter server/6.7-update1b
- version/vmware vcenter server/6.7-update2
- version/vmware vcenter server/6.7-update2a
- version/vmware vcenter server/6.7-update2c
- version/vmware vcenter server/6.5
- version/vmware vcenter server/6.5-a
- version/vmware vcenter server/6.5-b
- version/vmware vcenter server/6.5-c
- version/vmware vcenter server/6.5-d
- version/vmware vcenter server/6.5-update1
- version/vmware vcenter server/6.5-update1b
- version/vmware vcenter server/6.5-update1c
- version/vmware vcenter server/6.5-update1d
- version/vmware vcenter server/6.5-update1e
- version/vmware vcenter server/6.5-update1g
- version/vmware vcenter server/6.5-update2
- version/vmware vcenter server/6.5-update2b
- version/vmware vcenter server/6.5-update2c
- version/vmware vcenter server/6.5-update2d
- version/vmware vcenter server/6.5-update2g