Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations.
The product does not validate, or incorrectly validates, a certificate.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Vcenter_server | Vmware | 6.5 (including) | 6.5 (including) |
| Vcenter_server | Vmware | 6.5-a (including) | 6.5-a (including) |
| Vcenter_server | Vmware | 6.5-b (including) | 6.5-b (including) |
| Vcenter_server | Vmware | 6.5-c (including) | 6.5-c (including) |
| Vcenter_server | Vmware | 6.5-d (including) | 6.5-d (including) |
| Vcenter_server | Vmware | 6.5-e (including) | 6.5-e (including) |
| Vcenter_server | Vmware | 6.5-f (including) | 6.5-f (including) |
| Vcenter_server | Vmware | 6.5-update1 (including) | 6.5-update1 (including) |
| Vcenter_server | Vmware | 6.5-update1b (including) | 6.5-update1b (including) |
| Vcenter_server | Vmware | 6.5-update1c (including) | 6.5-update1c (including) |
| Vcenter_server | Vmware | 6.5-update1d (including) | 6.5-update1d (including) |
| Vcenter_server | Vmware | 6.5-update1e (including) | 6.5-update1e (including) |
| Vcenter_server | Vmware | 6.5-update1g (including) | 6.5-update1g (including) |
| Vcenter_server | Vmware | 6.5-update2 (including) | 6.5-update2 (including) |
| Vcenter_server | Vmware | 6.5-update2b (including) | 6.5-update2b (including) |
| Vcenter_server | Vmware | 6.5-update2c (including) | 6.5-update2c (including) |
| Vcenter_server | Vmware | 6.5-update2d (including) | 6.5-update2d (including) |
| Vcenter_server | Vmware | 6.5-update2g (including) | 6.5-update2g (including) |
| Vcenter_server | Vmware | 6.5-update3 (including) | 6.5-update3 (including) |
| Vcenter_server | Vmware | 6.7 (including) | 6.7 (including) |
| Vcenter_server | Vmware | 6.7-a (including) | 6.7-a (including) |
| Vcenter_server | Vmware | 6.7-b (including) | 6.7-b (including) |
| Vcenter_server | Vmware | 6.7-d (including) | 6.7-d (including) |
| Vcenter_server | Vmware | 6.7-update1 (including) | 6.7-update1 (including) |
| Vcenter_server | Vmware | 6.7-update1b (including) | 6.7-update1b (including) |
| Vcenter_server | Vmware | 6.7-update2 (including) | 6.7-update2 (including) |
| Vcenter_server | Vmware | 6.7-update2a (including) | 6.7-update2a (including) |
| Vcenter_server | Vmware | 6.7-update2c (including) | 6.7-update2c (including) |
| Vcenter_server | Vmware | 6.7-update3 (including) | 6.7-update3 (including) |