PT-2019-4333 · Vmware · Vmware Vcenter Server+2

Published 2019-09-16 · Updated 2020-02-10 · CVE-2019-5531

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

VMware vSphere ESXi versions 6.7 prior to ESXi670-201810101-SG
VMware vSphere ESXi versions 6.5 prior to ESXi650-201811102-SG
VMware vSphere ESXi versions 6.0 prior to ESXi600-201807103-SG
VMware vCenter Server versions 6.7 prior to 6.7 U1b
VMware vCenter Server versions 6.5 prior to 6.5 U2b
VMware vCenter Server versions 6.0 prior to 6.0 U3j

Description

The issue is related to insufficient session expiration, which may allow a remote attacker to gain unauthorized access to protected information. An attacker with physical access or the ability to mimic a websocket connection to a user's browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out.

Recommendations

For VMware vSphere ESXi version 6.7 prior to ESXi670-201810101-SG, update to ESXi670-201810101-SG or later.
For VMware vSphere ESXi version 6.5 prior to ESXi650-201811102-SG, update to ESXi650-201811102-SG or later.
For VMware vSphere ESXi version 6.0 prior to ESXi600-201807103-SG, update to ESXi600-201807103-SG or later.
For VMware vCenter Server version 6.7 prior to 6.7 U1b, update to 6.7 U1b or later.
For VMware vCenter Server version 6.5 prior to 6.5 U2b, update to 6.5 U2b or later.
For VMware vCenter Server version 6.0 prior to 6.0 U3j, update to 6.0 U3j or later.

Fix

Insufficient Session Expiration

Weakness Enumeration

Related Identifiers

BDU:2020-00050
CVE-2019-5531

Affected Products

Vmware Vcenter
Vmware Vcenter Server
Vmware Vsphere Esxi