3 matches found
CVE-2017-4928
The Flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f), i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers toward...
CVE-2017-4928
CVE-2017-4928 affects the Flash-based vSphere Web Client (not the HTML5 client). The issue stems from improper neutralization of URLs, enabling SSRF and CRLF injection that could allow an attacker to send a crafted POST request towards internal services and disclose information. Affected VMware p...
KLA11142 DoS and OSI vulnerabilities in VMware products
Multiple serious vulnerabilities have been found in VMware vCenter Server and vSphere Web Client. Malicious users can exploit these vulnerabilities to cause denial of service or disclose sensitive information. Below is a complete list of vulnerabilities: 1. An unspecified vulnerability in VMware...