KLA10665
Obtain sensitive information vulnerability in VMware vCenter Server
Updated: 06/01/2019
Detect date
?
09/16/2015
Severity
?
High
Description

Improper certificate validation was found in VMware vCenter Server. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a traffic interception.


Technical details

This vulnerability can be exploited when vCenter Server binding to LDAP server via TLS.

Affected products

VMware vCenter Server 6.0 versions earlier than 6.0 update 1
VMware vCenter Server 5.5 versions earlier than 5.5 update 3

Solution

Update to the latest version
vCenter download and buy page

Original advisories

VMware advisory

Impacts
?
OSI 
[?]
Related products
VMware vCenter Server
CVE-IDS
?