Customer vulnerability scanners will detect open SSH vulnerabilities.
CVE-2023-51384 priority is medium (CVSS score is 5.5)
CVE-2023-51385 priority is medium (CVSS score is 5.5)
VMware Cloud Director 10.5.x
This CVE is affected to the openssh version 8.9 and above
Run the following command to verify the version being used in the environment.
Open ssh session of the VC and run "rpm -qa | grep -i ssh"
Since OpenSSH is one of the packages which comes as a complete installation bundle with VMware Cloud Director we cannot upgrade it to specific version.
As a workaround keep SSH disabled on vCloud Director unless required for Troubleshooting. To deactivate SSH
Alternatively, this is resolved in Cloud Director 10.6 - VMware Cloud Director 10.6 Release Notes