VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Vcenter_server | Vmware | 5.5 (including) | 5.5 (including) |
| Vcenter_server | Vmware | 5.5-1 (including) | 5.5-1 (including) |
| Vcenter_server | Vmware | 5.5-1a (including) | 5.5-1a (including) |
| Vcenter_server | Vmware | 5.5-1b (including) | 5.5-1b (including) |
| Vcenter_server | Vmware | 5.5-1c (including) | 5.5-1c (including) |
| Vcenter_server | Vmware | 5.5-2 (including) | 5.5-2 (including) |
| Vcenter_server | Vmware | 5.5-2b (including) | 5.5-2b (including) |
| Vcenter_server | Vmware | 5.5-2d (including) | 5.5-2d (including) |
| Vcenter_server | Vmware | 5.5-2e (including) | 5.5-2e (including) |
| Vcenter_server | Vmware | 6.0 (including) | 6.0 (including) |
| Vcenter_server | Vmware | 6.0-a (including) | 6.0-a (including) |
| Vcenter_server | Vmware | 6.0-b (including) | 6.0-b (including) |