CVE-2023-34056: 
vSphere vCenter Server vulnerability analysis and mitigation

CVE-2023-34056 is a partial information disclosure vulnerability affecting VMware vCenter Server. The vulnerability was discovered and responsibly reported to VMware, with the initial advisory published on October 25, 2023. This vulnerability affects multiple versions of VMware vCenter Server and VMware Cloud Foundation products (VMware Advisory).

The vulnerability has been evaluated by VMware to be in the Moderate severity range with a CVSSv3 base score of 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). The vulnerability is classified under CWE-922 (Insecure Storage of Sensitive Information) (CISA-ADP).

The vulnerability allows unauthorized data access within vCenter Server. A malicious actor with non-administrative privileges to vCenter Server can leverage this issue to access unauthorized data (VMware Advisory).

VMware has released patches to address this vulnerability. The fixed versions include vCenter Server 8.0U2 and 7.0U3o. For Cloud Foundation 5.x/4.x deployments, specific patches are available through KB88287. No workarounds are available for this vulnerability, making patch installation the only remediation option (VMware Advisory).