CVE-2015-6932

VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: Sep 19, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-6932
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
vmware / vcenter_server	6.0-a	6.0-a.x
vmware / vcenter_server	6.0-b	6.0-b.x
vmware / vcenter_server	5.5-1	5.5-1.x
vmware / vcenter_server	5.5-1a	5.5-1a.x
vmware / vcenter_server	5.5-1b	5.5-1b.x
vmware / vcenter_server	5.5-1c	5.5-1c.x
vmware / vcenter_server	5.5-2	5.5-2.x
vmware / vcenter_server	5.5-2b	5.5-2b.x
vmware / vcenter_server	5.5-2d	5.5-2d.x
vmware / vcenter_server	5.5-2e	5.5-2e.x
vmware / vcenter_server	5.5	5.5.x
vmware / vcenter_server	6.0	6.0.x

http://www.securitytracker.com/id/1033582
http://www.vmware.com/security/advisories/VMSA-2015-0006.html

Vulnerability Database

289,697

CVE-2015-6932