vCenter Server Partial Info Disclosure (non-admin)
CVE-2023-34056 Published on October 25, 2023
VMware vCenter Server Partial Information Disclosure Vulnerability
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.
Vulnerability Analysis
CVE-2023-34056 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
Insecure Storage of Sensitive Information
The software stores sensitive information without properly limiting read or write access by unauthorized actors. If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.
Products Associated with CVE-2023-34056
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-34056 are published in VMware Vcenter Server:
Affected Versions
VMware vCenter Server:- Version 8.0 and below 8.0U2 is affected.
- Version 7.0 and below 7.0U3o is affected.
- Version 5.x is affected.
- Version 4.x is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.