CVE-2017-4923

CRITICAL

VMware vCenter Server <6.5 U1 - Info Disclosure

Title source: llm

Description

VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/99997

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1039013

[Patch, Vendor Advisory] https://www.vmware.com/security/advisories/VMSA-2017-0013.html

Scores

CVSS v3 9.8

EPSS 0.0081

EPSS Percentile 74.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522 CWE-200

Status draft

Affected Products (1)

vmware/vcenter_server

Timeline

Published Aug 01, 2017

Tracked Since Feb 18, 2026