PT-2016-32: XML External Entity Injection in vCenter Server and vRealize Automation
The specialists of the Positive Research center have detected an XML External Entity Injection in vCenter Server. A vulnerability in the Single Sign-On implementation in VMware vCenter Server and vRealize Automation allows attackers to cause a denial of service or obtain sensitive information via a...
VMware vCenter Server JMX RMI Service Vulnerability
VMware vCenter Server is a set of server and virtualization management software from VMware. A security vulnerability exists in the JMX RMI service of VMware vCenter Server. A remote attacker can exploit this vulnerability to execute arbitrary code via the RMI protocol...
VMware vCenter Server vpxd Service Denial of Service Vulnerability
VMware vCenter Server is a set of server and virtualization management software from VMware. A security vulnerability exists in the vpxd service of VMware vCenter Server. A remote attacker could exploit this vulnerability to cause a denial of service with the help of a long heartbeat message...
CVE-2015-2342
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol...
Design/Logic Flaw
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol...
Code injection
vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message...
CVE-2015-1047
vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message...
CVE-2015-1047
VMware products affected by CVE-2015-1047 include vCenter Server (vpxd) 5.0 before u3e, 5.1 before u3, and 5.5 before u2 (DoS via long heartbeat) and ESXi 5.0/5.1/5.5 with OpenSLP double-free in SLPDProcessMessage() leading to remote code execution or denial of service. Patches/up...
CVE-2015-2342
CVE-2015-2342 concerns the JMX RMI service in VMware vCenter Server. Multiple sources (NVD, SUSE, CNVD, CIRCL) describe that vCenter Server versions 5.0 (before u3e), 5.1 (before u3b), 5.5 (before u3), and 6.0 (before u1) expose an overly permissive JMX RMI endpoint that does not restrict MBean r...
VMware vCenter Server Multiple Vulnerabilities (VMSA-2015-0007)
VMware vCenter Server JMX RMI remote code execution (RCE) / vpxd denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
VMware vCenter Server JMX RMI Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware vCenter Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the configuration of the JMX remote interface. This interface allows a remote attack...
VMware vCenter Multiple Vulnerabilities (VMSA-2015-0007)
The VMware vCenter Server installed on the remote host is affected by the following vulnerabilities:
- A flaw exists in the vpxd service due to improper sanitization of long heartbeat messages. An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2015-1047)
- A...
VMware vCenter Server LDAP Certificate Validation Bypass Vulnerability
VMware vCenter Server provides centralized visibility, proactive management and extensibility into virtual infrastructures. VMware vCenter Server fails to validate TLS certificates when binding to LDAP servers, allowing an attacker to intercept communications between an LDAP server and a target...
CVE-2015-6932
VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Design/Logic Flaw
VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
VMware Releases Security Update
VMware has released a security update to address a Lightweight Directory Access Protocol (LDAP) certificate validation vulnerability in vCenter Server. Exploitation of this vulnerability may allow an attacker to obtain sensitive information. Available updates include: VMware vCenter Server version...
VMware vCenter Server updates address a LDAP certificate validation issue
VMware vCenter Server LDAP certificate validation vulnerability. VMware vCenter Server does not validate the certificate when connecting to a Single Sign-On identity source using LDAPS (LDAP over SSL). This applies when connecting to Active Directory as an LDAP Server or OpenLDAP. Exploitation of...