KLA10530 JRE update for multiple VMware products

2015-04-02 00:00:00
Kaspersky Lab
threats.kaspersky.com
32

CVSS2: 4 Medium

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

AI Score: 5.3 Medium (Confidence: Low)

EPSS: 0.698 Medium (Percentile: 98.0%)

Multiple VMware products were updated to address vulnerabilities in Oracle Java. For details, see KLA10447.

Original advisories

VMSA advisory

KLA10447

Exploitation

Public exploits exist for this vulnerability.

Related products

VMware-unclassified-products

CVE list

CVE-2014-6593 warning

Solution

Follow the solution notes listed by the vendor.

Impacts

  • ACE

Arbitrary code execution. Exploiting vulnerabilities with this impact can let an abuser execute any code or commands on the vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploiting vulnerabilities with this impact can let an abuser capture information that is critical for the user or system.

  • DoS

Denial of service. Exploiting vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • WLF

Write Local Files. Exploiting vulnerabilities with this impact can lead to writing into some inaccessible files. Which files can be read depends on the specific program errors.

  • LoI

Loss of integrity. Exploiting vulnerabilities with this impact can lead to a partial system fault or disruption of connections between system components.

Affected Products

  • Horizon View 6.x or 5.x
  • Horizon Workspace Portal Server versions 2.1 and 2.0
  • vCenter Operations Manager versions 5.8 and 5.7
  • vCloud Automation Center version 6.0.1
  • vSphere Replication prior to 5.8.0.2 or 5.6.0.3
  • vRealize Automation versions 6.2 and 6.1
  • vRealize Code Stream versions 1.1 and 1.0
  • vRealize Hyperic versions 5.8, 5.7 and 5.0
  • vSphere AppHA versions earlier than 1.1
  • vRealize Business Standard prior 1.1.x or 1.0.x
  • NSX for Multi-Hypervisor versions earlier than 4.2.4
  • vRealize Configuration Manager versions 5.7.x or 5.6.x
  • vRealize Infrastructure versions 5.8 and 5.7
