Customer vulnerability scanners will detect open SSH vulnerabilities.
CVE-2023-51384 priority is medium (CVSS score is 5.5)
CVE-2023-51385 priority is medium (CVSS score is 5.5)
VMware vCenter Sever 7.x
VMware vCenter Sever 8.x
CVE-2023-51384 and CVE- 2023-51385 are fixed in vCenter 8.0 U3 patch.
Since OpenSSH is one of the packages which comes as a complete installation bundle with VMware vCenter Server we cannot upgrade it to specific version.
Keep ssh disabled on your host unless it is required for troubleshooting purposes.
This CVE is affected to the openssh version 8.9 and above
Run the following command to verify the version being used in the environment.
Open ssh session of the VC and run "rpm -qa | grep -i ssh"