#VU7640 Information disclosure in vCenter Server - CVE-2017-4922
Published: August 1, 2017
Vulnerability identifier: #VU7640
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-4922
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
vCenter Server
Software vendor:
VMware, Inc
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists because the service startup script stores sensitive information improperly. A remote attacker can trigger a restart of the service startup script and access important data that may be used to conduct further attacks.
Successful exploitation of the vulnerability results in information disclosure.
Remediation
Update to version 6.5 U1.