VMware vCenter Server (6.7.x before 6.7 U3, 6.5 before 6.5 U3 and 6.0 before 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware vcenter server 6.0 |
||
vmware vcenter server 6.7 |
||
vmware vcenter server 6.5 |