Vulnerabilities > Vmware > Vcenter Server > 6.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-18 | CVE-2019-5531 | Insufficient Session Expiration vulnerability in VMWare Esxi, Vcenter Server and Vsphere Esxi VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. | 5.4 |
| 2019-09-18 | CVE-2019-5534 | Insufficiently Protected Credentials vulnerability in VMWare Vcenter Server 6.0/6.5/6.7 VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. | 7.7 |
| 2019-09-18 | CVE-2019-5532 | Information Exposure Through Log Files vulnerability in VMWare Vcenter Server 6.0/6.5/6.7 VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. | 7.7 |
| 2017-12-20 | CVE-2017-4943 | Out-of-bounds Write vulnerability in VMWare Vcenter Server 6.5 VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. | 7.8 |
| 2017-11-17 | CVE-2017-4927 | LDAP Injection vulnerability in VMWare Vcenter Server 6.0/6.5 VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service. | 7.5 |
| 2017-09-15 | CVE-2017-4926 | Cross-site Scripting vulnerability in VMWare Vcenter Server 6.5 VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). | 5.4 |
| 2017-08-01 | CVE-2017-4923 | Insufficiently Protected Credentials vulnerability in VMWare Vcenter Server 6.5 VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. | 9.8 |
| 2017-08-01 | CVE-2017-4922 | Information Exposure vulnerability in VMWare Vcenter Server 6.5 VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. | 6.5 |
| 2017-08-01 | CVE-2017-4921 | Unspecified vulnerability in VMWare Vcenter Server 6.5 VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. | 8.8 |
| 2017-07-28 | CVE-2017-4919 | Missing Authentication for Critical Function vulnerability in VMWare Vcenter Server 5.5/6.0/6.5 VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate. | 9.0 |