CVE-2019-5531 vulnerability in VMware Products
Published on September 18, 2019
VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user's browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out.
Products Associated with CVE-2019-5531
Affected Versions
VMware vSphere ESXi:
- Version 6.7 prior to ESXi670-201810101-SG is affected.
- Version 6.5 prior to ESXi650-201811102-SG is affected.
- Version 6.0 prior to ESXi600-201807103-SG is affected.

VMware vCenter Server:
- Version 6.7 prior to 6.7 U1b is affected.
- Version 6.5 prior to 6.5 U2b is affected.
- Version 6.0 prior to 6.0 U3j is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.