KLA10665 Obtain sensitive information vulnerability in VMware vCenter Server
Improper certificate validation was found in VMware vCenter Server. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via traffic interception. Technical details: This vulnerability can be exploited when vCenter Server...
VMSA-2015-0006: VMware vCenter Server updates address a LDAP certificate validation issue
VMSA-2015-0006.1 VMware vCenter Server updates address a LDAP certificate validation issue. VMware Security Advisory. Advisory ID: VMSA-2015-0006.1. Synopsis: VMware vCenter Server updates address a LDAP certificate validation issue VMware Security...
VMware vCenter Server Multiple Java Vulnerabilities (VMSA-2015-0003) (POODLE)
The VMware vCenter Server installed on the remote host is version 5.0 prior to 5.0u3d, 5.1 prior to 5.1u3a, 5.5 prior to 5.5u2e, or 6.0 prior to 6.0.0a. It is, therefore, affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE, related to the bundled JRE componen...
Failed to connect to vCenter server during Restore
During a restore you receive the error message: “Failed to connect to vCenter server”...
VMware Security Updates for vCenter Server (VMSA-2015-0001) (POODLE)
The VMware vCenter Server installed on the remote host is version 5.5 prior to Update 2d. It is, therefore, affected by multiple vulnerabilities in the included OpenSSL library: - An error exists related to DTLS SRTP extension handling and specially crafted handshake messages that can allow deni...
ESA-2015-006: EMC Avamar Missing Certificate Validation Vulnerability
ESA-2015-006: EMC Avamar Missing Certificate Validation Vulnerability. EMC Identifier: ESA-2015-006. CVE Identifier: CVE-2014-4632. Severity Rating: CVSSv2 Base Score: 7.9 (AV:A/AC:M/Au:N/C:C/I:C/A:C). Affected products: • EMC Avamar Data Store (ADS) and Avam...
VMware vCenter Server Appliance Unspecified XSS (VMSA-2014-0012)
The version of VMware vCenter Server Appliance installed on the remote host is 5.1 prior to Update 3. It is, therefore, affected by an unspecified cross-site scripting vulnerability. A remote attacker can exploit this by means of a specially crafted URL or malicious web page, which can result in...
VMware Security Updates for vCenter Server (VMSA-2014-0012)
The VMware vCenter Server installed on the remote host is version 5.0 prior to Update 3c, 5.1 prior to Update 3, or 5.5 prior to Update 2. It is, therefore, affected by multiple vulnerabilities in third party libraries: - Due to improper certificate validation when connecting to a CIM server on ...
VMware Releases Patches for XSS, Cert. Validation Issue
VMware released a handful of patches late last week to fix several vulnerabilities, including a nasty cross-site scripting issue in one of its server virtualization platforms. The vulnerabilities lie in VMware’s vCenter Server Appliance (vCSA) – a module for VMware’s vCenter Server. The main bug, a...
CVE-2014-8371
VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate...
CVE-2014-3797
Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Code injection
VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate...
CVE-2014-8371
CVE-2014-8371 affects VMware vCenter Server and vCSA when connecting to an ESXi CIM server; root cause is improper certificate validation that enables MITM spoofing of CIM services. Affected versions: vCSA 5.5 before Update 2, vCenter Server 5.1 before Update 3, and 5.0 before Update 3c. Remediat...
CVE-2014-3797
CVE-2014-3797 is an XSS vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 prior to Update 3, allowing remote attackers to inject arbitrary script/HTML via unspecified vectors. Connected sources confirm the issue and that remediation is available: vCSA 5.1 Update 3 (and related patches i...
VMSA-2014-0013: VMware vCloud Automation Center product updates address a CRITICAL remote privilege escalation vulnerability
VMSA-2014-0013 VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability. VMware Security Advisory. Advisory ID: VMSA-2014-0013. Synopsis: VMware vCloud Automation Center product updates address a...
VMware Releases Security Updates for vCenter Server, vCenter Server Appliance, and ESXi
VMware has released a security advisory to address multiple vulnerabilities in vCenter Server, vCenter Server Appliance, and ESXi. Exploitation of these vulnerabilities may allow a remote attacker to perform man-in-the-middle or cross-site scripting attacks. US-CERT encourages users and...
VMware Security Updates for vCenter Server (VMSA-2014-0012)
VMware vCenter product updates address a Cross Site Scripting issue, a certificate validation issue and security vulnerabilities in third-party libraries. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
VMware vSphere product updates address security vulnerabilities
a. VMware vCSA cross-site scripting vulnerability. VMware vCenter Server Appliance (vCSA) contains a vulnerability that may allow for Cross Site Scripting. Exploitation of this vulnerability in vCenter Server requires tricking a user to click on a malicious link or to open a malicious web page. VMwar...
VMware vCenter Server Appliance Bash Remote Code Execution (VMSA-2014-0010) (Shellshock)
The version of VMware vCenter Server Appliance installed on the remote host is 5.0 prior to Update 3b, 5.1 prior to Update 2b, or 5.5 prior to Update 2a. It therefore contains a version of bash that is affected by a command injection vulnerability via environment variable manipulation. Depending ...