1. CVE-Search
  2. CVE-2019-5531
ID CVE-2019-5531
Summary VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user’s browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out.
References
Vulnerable Configurations
  • cpe:2.3:o:vmware:esxi:6.7:670-201811001:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.7:670-201811001:*:*:*:*:*:*
  • cpe:2.3:o:vmware:vsphere_esxi:6.7:*:*:*:*:*:*:*
    cpe:2.3:o:vmware:vsphere_esxi:6.7:*:*:*:*:*:*:*
  • cpe:2.3:o:vmware:vsphere_esxi:6.7:update_1:*:*:*:*:*:*
    cpe:2.3:o:vmware:vsphere_esxi:6.7:update_1:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_esxi:6.5:a:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_esxi:6.5:a:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_esxi:6.5:u2:*:*:*:*:*:*
    cpe:2.3:a:vmware:vsphere_esxi:6.5:u2:*:*:*:*:*:*
  • cpe:2.3:o:vmware:vsphere_esxi:6.5:*:*:*:*:*:*:*
    cpe:2.3:o:vmware:vsphere_esxi:6.5:*:*:*:*:*:*:*
  • cpe:2.3:o:vmware:vsphere_esxi:6.5:650-201810002:*:*:*:*:*:*
    cpe:2.3:o:vmware:vsphere_esxi:6.5:650-201810002:*:*:*:*:*:*
  • cpe:2.3:o:vmware:vsphere_esxi:6.5:650-201811001:*:*:*:*:*:*
    cpe:2.3:o:vmware:vsphere_esxi:6.5:650-201811001:*:*:*:*:*:*
  • cpe:2.3:o:vmware:vsphere_esxi:6.5:650-201811002:*:*:*:*:*:*
    cpe:2.3:o:vmware:vsphere_esxi:6.5:650-201811002:*:*:*:*:*:*
  • cpe:2.3:o:vmware:vsphere_esxi:6.5:650-201901001:*:*:*:*:*:*
    cpe:2.3:o:vmware:vsphere_esxi:6.5:650-201901001:*:*:*:*:*:*
  • cpe:2.3:o:vmware:vsphere_esxi:6.5:650-201903001:*:*:*:*:*:*
    cpe:2.3:o:vmware:vsphere_esxi:6.5:650-201903001:*:*:*:*:*:*
  • cpe:2.3:o:vmware:vsphere_esxi:6.5:650-201905001:*:*:*:*:*:*
    cpe:2.3:o:vmware:vsphere_esxi:6.5:650-201905001:*:*:*:*:*:*
  • cpe:2.3:o:vmware:vsphere_esxi:6.5:update_1:*:*:*:*:*:*
    cpe:2.3:o:vmware:vsphere_esxi:6.5:update_1:*:*:*:*:*:*
  • cpe:2.3:o:vmware:vsphere_esxi:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:vmware:vsphere_esxi:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:vmware:vsphere_esxi:6.0:600-201810001:*:*:*:*:*:*
    cpe:2.3:o:vmware:vsphere_esxi:6.0:600-201810001:*:*:*:*:*:*
  • cpe:2.3:o:vmware:vsphere_esxi:6.0:600-201811001:*:*:*:*:*:*
    cpe:2.3:o:vmware:vsphere_esxi:6.0:600-201811001:*:*:*:*:*:*
  • cpe:2.3:o:vmware:vsphere_esxi:6.0:600-201903001:*:*:*:*:*:*
    cpe:2.3:o:vmware:vsphere_esxi:6.0:600-201903001:*:*:*:*:*:*
  • cpe:2.3:o:vmware:vsphere_esxi:6.0:600-201905001:*:*:*:*:*:*
    cpe:2.3:o:vmware:vsphere_esxi:6.0:600-201905001:*:*:*:*:*:*
  • cpe:2.3:o:vmware:vsphere_esxi:6.0:beta:*:*:*:*:*:*
    cpe:2.3:o:vmware:vsphere_esxi:6.0:beta:*:*:*:*:*:*
  • cpe:2.3:o:vmware:vsphere_esxi:6.0:u1a:*:*:*:*:*:*
    cpe:2.3:o:vmware:vsphere_esxi:6.0:u1a:*:*:*:*:*:*
  • cpe:2.3:o:vmware:vsphere_esxi:6.0:u1b:*:*:*:*:*:*
    cpe:2.3:o:vmware:vsphere_esxi:6.0:u1b:*:*:*:*:*:*
  • cpe:2.3:o:vmware:vsphere_esxi:6.0:u3a:*:*:*:*:*:*
    cpe:2.3:o:vmware:vsphere_esxi:6.0:u3a:*:*:*:*:*:*
  • cpe:2.3:o:vmware:vsphere_esxi:6.0:update_2:*:*:*:*:*:*
    cpe:2.3:o:vmware:vsphere_esxi:6.0:update_2:*:*:*:*:*:*
  • cpe:2.3:o:vmware:vsphere_esxi:6.0:update_3:*:*:*:*:*:*
    cpe:2.3:o:vmware:vsphere_esxi:6.0:update_3:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.0:a:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.0:a:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.0:b:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.0:b:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.0:u1:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.0:u1:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.0:u1b:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.0:u1b:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.0:u2:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.0:u2:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.0:u2a:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.0:u2a:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.0:u2m:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.0:u2m:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.0:u3:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.0:u3:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.0:u3a:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.0:u3a:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.0:u3b:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.0:u3b:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.0:u3c:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.0:u3c:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.0:u3d:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.0:u3d:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.0:u3e:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.0:u3e:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.0:u3f:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.0:u3f:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.0:u3g:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.0:u3g:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.0:u3h:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.0:u3h:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.0:u3i:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.0:u3i:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:c:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.7:c:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:u1:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.7:u1:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:u1b:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.7:u1b:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:u2:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.7:u2:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:u2a:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.7:u2a:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:u2c:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.7:u2c:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:u1:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.5:u1:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:u1b:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.5:u1b:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:u1c:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.5:u1c:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:u1d:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.5:u1d:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:u1e:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.5:u1e:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:u1g:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.5:u1g:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:u2:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.5:u2:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:u2b:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.5:u2b:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:u2c:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.5:u2c:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:u2d:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.5:u2d:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:u2g:*:*:*:*:*:*
    cpe:2.3:a:vmware:vcenter_server:6.5:u2g:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 10-02-2020 - 21:53)
Impact:
Exploitability:
CWE CWE-613
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
refmap via4
confirm http://www.vmware.com/security/advisories/VMSA-2019-0013.html
Last major update 10-02-2020 - 21:53
Published 18-09-2019 - 22:15
Last modified 10-02-2020 - 21:53
Back to Top