CVE-2017-4922

medium

Published 2017-08-01 · Modified 2026-05-13

CVSS v3

6.5

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2

4.0

VIR risk

6.5

Description

VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted.

Predictions

Exploit likelihood

75%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: security@vmware.com — https://www.vmware.com/security/advisories/VMSA-2017-0013.html

Application impact

Vendor	Product	Versions	Fixed
vmware	vcenter_server	`6.5`

References

http://www.securityfocus.com/bid/100012
http://www.securitytracker.com/id/1039013
https://www.vmware.com/security/advisories/VMSA-2017-0013.html
http://www.securityfocus.com/bid/100012
http://www.securitytracker.com/id/1039013
https://www.vmware.com/security/advisories/VMSA-2017-0013.html

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.