CVE-2019-5537

Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations.

  • Published: Oct 28, 2019
  • Updated: Apr 13, 2023
  • CVE: CVE-2019-5537
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.9
  • AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:P/I:N/A:N

Software | From | Fixed in
vmware / vcenter_server | 6.5-f | 6.5-f.x
vmware / vcenter_server | 6.5-e | 6.5-e.x
vmware / vcenter_server | 6.5-d | 6.5-d.x
vmware / vcenter_server | 6.5-c | 6.5-c.x
vmware / vcenter_server | 6.5-b | 6.5-b.x
vmware / vcenter_server | 6.5-a | 6.5-a.x
vmware / vcenter_server | 6.7-d | 6.7-d.x
vmware / vcenter_server | 6.7-b | 6.7-b.x
vmware / vcenter_server | 6.7-a | 6.7-a.x
vmware / vcenter_server | 6.5 | 6.5.x
vmware / vcenter_server | 6.7 | 6.7.x
vmware / vcenter_server | 6.5-update1 | 6.5-update1.x
vmware / vcenter_server | 6.5-update1c | 6.5-update1c.x
vmware / vcenter_server | 6.5-update1b | 6.5-update1b.x
vmware / vcenter_server | 6.5-update3 | 6.5-update3.x
vmware / vcenter_server | 6.5-update1d | 6.5-update1d.x
vmware / vcenter_server | 6.5-update1e | 6.5-update1e.x
vmware / vcenter_server | 6.5-update1g | 6.5-update1g.x
vmware / vcenter_server | 6.5-update2 | 6.5-update2.x
vmware / vcenter_server | 6.5-update2b | 6.5-update2b.x
vmware / vcenter_server | 6.5-update2c | 6.5-update2c.x
vmware / vcenter_server | 6.5-update2d | 6.5-update2d.x
vmware / vcenter_server | 6.5-update2g | 6.5-update2g.x
vmware / vcenter_server | 6.7-update1 | 6.7-update1.x
vmware / vcenter_server | 6.7-update1b | 6.7-update1b.x
vmware / vcenter_server | 6.7-update2 | 6.7-update2.x
vmware / vcenter_server | 6.7-update2a | 6.7-update2a.x
vmware / vcenter_server | 6.7-update2c | 6.7-update2c.x
vmware / vcenter_server | 6.7-update3 | 6.7-update3.x