CVE-2023-34056

Description

vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected products

VMware / VMware Cloud Foundation (VMware vCenter Server)5.x – 5.x
VMware / VMware Cloud Foundation (VMware vCenter Server)4.x – 4.x
VMware / VMware vCenter Server8.0 – 8.0U2
VMware / VMware vCenter Server7.0 – 7.0U3o

References

VENDOR_ADVISORYhttps://www.vmware.com/security/advisories/VMSA-2023-0023.html