1050 matches found

Citrix
added 2017/06/16 12:0 a.m., 6 views

Delivery Controller cannot contact vCenter server after certificate update on vCenter

Delivery Controller unable to contact the vCenter server after certificate update on the vCenter server...

AI score: 7.1
Exploits: 0
CNVD
added 2017/06/12 12:0 a.m., 1 views

VMware vSphere Data Protection Local Storage vCenter Server Credentials Vulnerability

VMware vSphere Data Protection (VDP) is a disk-based backup and recovery solution from VMware. Integrated with VMware vCenter Server, the server and virtualization management software, the solution can be used to centrally manage backup jobs while storing backup files in deduplicated target storage...

CVSS: 9.8 | AI score: 6.6 | EPSS: 0.00648
Exploits: 0 | References: 1
Prion
added 2017/06/07 5:29 p.m., 14 views

Design/Logic Flaw

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained...

CVSS: 5 | AI score: 9.3 | EPSS: 0.00648
Exploits: 0 | References: 3 | Affected Software: 1
ThreatPost
added 2017/05/19 12:47 p.m., 27 views

VMware Patches Multiple Security Issues in Workstation

VMware fixed two bugs in its VMware Workstation late Thursday night, including an insecure library loading vulnerability and a NULL pointer dereference vulnerability. The virtualization software company warned of the issues Thursday night in a security advisory (VMSA-2017-0009). Jann Horn, a securi...

CVSS: 7.2 | AI score: 1.3 | EPSS: 0.05413
Exploits: 13 | References: 2
Citrix
added 2017/05/04 12:0 a.m., 6 views

Error "cannot connect to the hypervisor at <ADDRESS> object reference not set to an instance of an object" when running the XDSW

When running the XenDesktop Setup Wizard, it can fail with the following error: "cannot connect to the hypervisor at <ADDRESS> object reference not set to an instance of an object". The <ADDRESS> string will contain the actual URL of the vCenter Server. This issue can appear when the DataCenter name on the VMWare sid...

AI score: 7
Exploits: 0
ThreatPost
added 2017/04/25 12:36 p.m., 41 views

ColdFusion Hotfix Resolves XSS, Java Deserialization Bugs

Adobe today released an important security hotfix for several versions of its ColdFusion rapid web application development platform. The company said the update addresses an input validation vulnerability (CVE-2017-3008) in the software that could be used in reflected cross-site scripting (XSS)...

CVSS: 4.3 | AI score: 2.1 | EPSS: 0.03069
Exploits: 0 | References: 8
Tenable Nessus
added 2017/04/19 12:0 a.m., 410 views

VMware vCenter Server 6.0.x < 6.0u3b / 6.5.x < 6.5c BlazeDS AMF3 RCE (VMSA-2017-0007)

The version of VMware vCenter Server installed on the remote host is 6.0.x prior to 6.0u3b or 6.5.x prior to 6.5c. It is, therefore, affected by a flaw in FlexBlazeDS when processing AMF3 messages due to allowing the instantiation of arbitrary classes when deserializing objects. An unauthenticate...

CVSS: 9.8 | AI score: 8.8 | EPSS: 0.21274
Exploits: 4 | References: 5
Tenable Nessus
added 2017/04/19 12:0 a.m., 250 views

VMware vCenter Server Appliance BlazeDS AMF3 RCE (VMSA-2017-0007)

The version of VMware vCenter Server Appliance installed on the remote host is 6.0 prior to Update 3b or 6.5 prior to Update c. It is, therefore, affected by a flaw in FlexBlazeDS when processing AMF3 messages due to allowing the instantiation of arbitrary classes when deserializing objects. An...

CVSS: 9.8 | AI score: 8.7 | EPSS: 0.21274
Exploits: 4 | References: 5
OpenVAS
added 2017/04/18 12:0 a.m., 327 views

VMware vCenter Server Remote Code Execution Vulnerability (VMSA-2017-0007)

Remote code execution vulnerability via BlazeDS. CPE = "cpe:/a:vmware:vcenterserver";...

CVSS: 9.8 | AI score: 8.8 | EPSS: 0.21274
Exploits: 4 | References: 1
ThreatPost
added 2017/04/17 12:5 p.m., 62 views

VMWare Fixes Critical RCE in vCenter Server

VMware patched a critical vulnerability in its vCenter Server platform late last week that could have let an attacker execute arbitrary code in some scenarios. The vulnerability affected two versions of vCenter, 6.5 and 6.0. Users are encouraged to update to the most recent versions, 6.5c, and...

CVSS: 7.5 | AI score: 0.8 | EPSS: 0.21274
Exploits: 5 | References: 11
CISA
added 2017/04/14 12:0 a.m., 10 views

VMware Releases Security Updates

VMware has released security updates to address a vulnerability in vCenter Server. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review VMware Security Advisory VMSA-2017-0007 and apply the...

AI score: 6.8
Exploits: 0 | References: 1
OpenVAS
added 2017/04/11 12:0 a.m., 38 views

VMware vSphere Data Protection (VDP) Man-in-the-Middle Attack Vulnerability

VMware vSphere Data Protection (VDP) is prone to a man in the middle attack vulnerability. CPE =...

CVSS: 4.3 | AI score: 5.2 | EPSS: 0.0062
Exploits: 0 | References: 3
VMware
added 2017/04/11 12:0 a.m., 1094 views

VMSA-2017-0007: VMware vCenter Server updates resolve a remote code execution vulnerability via BlazeDS

VMware Security Advisory. Advisory ID: VMSA-2017-0007. Severity: Critical. Synopsis: VMware vCenter Server updates resolve...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.21274
Exploits: 4 | References: 9 | Affected Software: 1
CNVD
added 2017/04/04 12:0 a.m., 4 views

VMware vCenter Server BlazeDS Component Remote Code Execution Vulnerability

VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A remote code execution vulnerability exists...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.21274
Exploits: 4 | References: 1
OpenVAS
added 2017/03/16 12:0 a.m., 104 views

VMware Security Updates for vCenter Server (VMSA-2017-0004)

VMware product updates resolve remote code execution (RCE) vulnerability via Apache Struts 2. CPE...

CVSS: 10 | AI score: 9.4 | EPSS: 0.99999
Exploits: 44 | References: 3
OSV
added 2016/12/29 9:59 a.m., 3 views

CVE-2016-7458

VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...

CVSS: 5.8 | AI score: 5.8 | EPSS: 0.01227
Exploits: 0 | References: 3
OSV
added 2016/12/29 9:59 a.m., 2 views

CVE-2016-7459

VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML...

CVSS: 7.7 | AI score: 5.8 | EPSS: 0.01885
Exploits: 0 | References: 3
Prion
added 2016/12/29 9:59 a.m., 18 views

XXE

The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity...

CVSS: 6.4 | AI score: 7.3 | EPSS: 0.02146
Exploits: 0 | References: 4 | Affected Software: 1
Prion
added 2016/12/29 9:59 a.m., 21 views

XXE

VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML...

CVSS: 4 | AI score: 6.7 | EPSS: 0.01885
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2016/12/29 9:59 a.m., 2 views

CVE-2016-7460

The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.02146
Exploits: 0 | References: 4