Description
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100012
Patch, Vendor Advisory x_refsource_confirm
https://www.vmware.com/security/advisories/VMSA-2017-0013.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039013
Scores
CVSS v3
6.5
EPSS
0.0044
EPSS Percentile
63.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
vmware/vcenter_server
6.5
Published
Aug 01, 2017
Tracked Since
Feb 18, 2026