VYPR
Unrated severity · NVD Advisory · Published Sep 18, 2019 · Updated Aug 4, 2024

CVE-2019-5531

Description

VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user’s browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out.

Affected products

4
  • VMware/vSphere ESXi (2 versions)
    • (no CPE) range: >=6.0 <ESXi600-201807103-SG; >=6.5 <ESXi650-201811102-SG; >=6.7 <ESXi670-201810101-SG
    • (no CPE) range: 6.7 prior to ESXi670-201810101-SG
  • VMware/vCenter Server (2 versions)
    • (no CPE) range: >=6.0 <6.0 U3j; >=6.5 <6.5 U2b; >=6.7 <6.7 U1b
    • (no CPE) range: 6.7 prior to 6.7 U1b

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
