What is CVE-2017-4927?

CVE-2017-4927 is a high-severity vulnerability in Vmware Vcenter Server, classified under LDAP Injection. CVSS score: 7.5/10. Published 2017-11-17.

How severe is CVE-2017-4927?

High severity. CVSS v3 base score is 7.5 out of 10.

LDAP Injection in Vmware Vcenter Server

CVE-2017-4927

VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.

EPSS: 0.014 (81.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Vmware Vcenter Server — versions 6.5 prior to 6.5 U1, 6.0 prior to 6.0 U3c
Vmware Vcenter_server

Weakness classification (CWE)

CWE-90 — LDAP Injection

References

security@vmware.com (x_refsource_CONFIRM, Vendor Advisory)
security@vmware.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
security@vmware.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2017-4927?: CVE-2017-4927 is a high-severity vulnerability in Vmware Vcenter Server, classified under LDAP Injection. CVSS score: 7.5/10. Published 2017-11-17.
How severe is CVE-2017-4927?: High severity. CVSS v3 base score is 7.5 out of 10.