The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication.
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Vcenter_server | Vmware | 6.5 | 6.5 |
Vcenter_server | Vmware | 6.5 | 6.5 |
Vcenter_server | Vmware | 6.5 | 6.5 |
Vcenter_server | Vmware | 6.5 | 6.5 |
Vcenter_server | Vmware | 6.5 | 6.5 |
Vcenter_server | Vmware | 6.5 | 6.5 |
Vcenter_server | Vmware | 6.7 | 6.7 |
Vcenter_server | Vmware | 6.7 | 6.7 |
Vcenter_server | Vmware | 6.7 | 6.7 |
Vcenter_server | Vmware | 6.5 | 6.5 |
Vcenter_server | Vmware | 6.7 | 6.7 |
Vcenter_server | Vmware | 7.0 | 7.0 |
Vcenter_server | Vmware | 7.0 | 7.0 |
Vcenter_server | Vmware | 7.0 | 7.0 |
Vcenter_server | Vmware | 7.0 | 7.0 |
Vcenter_server | Vmware | 7.0 | 7.0 |
Vcenter_server | Vmware | 6.5 | 6.5 |
Vcenter_server | Vmware | 6.5 | 6.5 |
Vcenter_server | Vmware | 6.5 | 6.5 |
Vcenter_server | Vmware | 6.5 | 6.5 |
Vcenter_server | Vmware | 6.5 | 6.5 |
Vcenter_server | Vmware | 6.5 | 6.5 |
Vcenter_server | Vmware | 6.5 | 6.5 |
Vcenter_server | Vmware | 6.5 | 6.5 |
Vcenter_server | Vmware | 6.5 | 6.5 |
Vcenter_server | Vmware | 6.5 | 6.5 |
Vcenter_server | Vmware | 6.5 | 6.5 |
Vcenter_server | Vmware | 6.5 | 6.5 |
Vcenter_server | Vmware | 6.5 | 6.5 |
Vcenter_server | Vmware | 6.5 | 6.5 |
Vcenter_server | Vmware | 6.5 | 6.5 |
Vcenter_server | Vmware | 6.5 | 6.5 |
Vcenter_server | Vmware | 6.7 | 6.7 |
Vcenter_server | Vmware | 7.0 | 7.0 |
Vcenter_server | Vmware | 6.7 | 6.7 |
Vcenter_server | Vmware | 7.0 | 7.0 |
Vcenter_server | Vmware | 6.7 | 6.7 |
Vcenter_server | Vmware | 7.0 | 7.0 |
Vcenter_server | Vmware | 7.0 | 7.0 |
Vcenter_server | Vmware | 7.0 | 7.0 |
Vcenter_server | Vmware | 7.0 | 7.0 |
Vcenter_server | Vmware | 6.7 | 6.7 |
Vcenter_server | Vmware | 6.7 | 6.7 |
Vcenter_server | Vmware | 6.7 | 6.7 |
Vcenter_server | Vmware | 6.7 | 6.7 |
Vcenter_server | Vmware | 6.7 | 6.7 |
Vcenter_server | Vmware | 6.7 | 6.7 |
Vcenter_server | Vmware | 6.7 | 6.7 |
Vcenter_server | Vmware | 6.7 | 6.7 |
Vcenter_server | Vmware | 6.7 | 6.7 |
Vcenter_server | Vmware | 6.7 | 6.7 |
As data is migrated to the cloud, if access does not require authentication, it can be easier for attackers to access the data from anywhere on the Internet.