vulnerability
VMSA-2019-0013: VMware ESXi information disclosure vulnerability (CVE-2019-5531)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Sep 18, 2019 | Sep 23, 2019 | Oct 7, 2025 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Sep 18, 2019
Added
Sep 23, 2019
Modified
Oct 7, 2025
Description
VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user’s browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out.
Solutions
vmware-esxi60-upgrade-14513180vmware-esxi65-upgrade-13932383vmware-esxi67-upgrade-13004448
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.