VMWare VVOL Support With Citrix MCS and PVS

Use of VMware vSphere Virtual Volumes VMware vVOLs with CVAD MCS and PVS environments...

HPE 3PAR Service Processor Information Disclosure Vulnerability

HPE 3PAR Service Processor SP is a suite of virtual service processors deployed on the VMware vSphere hypervisor from Hewlett Packard Enterprise HPE, USA. An information disclosure vulnerability exists in previous versions of HPE 3PAR SP SP-5.0.0.0-22913GA, which can be exploited by an attacker t...

HPE 3PAR Service Processor Remote Code Execution Vulnerability

HPE 3PAR Service Processor SP is a suite of virtual service processors deployed on the VMware vSphere hypervisor from Hewlett Packard Enterprise HPE, USA. A remote code execution vulnerability exists in versions prior to HPE 3PAR SP SP-4.4.0.GA-110 MU7 that can be exploited by a remote attacker t...

VMware Releases Security Updates

VMware has released security updates to address vulnerabilities in vSphere, Workstation, Fusion, and Virtual Appliances. An attacker could exploit these vulnerabilities to obtain sensitive information. NCCIC encourages users and administrators to review VMware Security Advisories VMSA-2018-0020,...

How to change the timeouts for the vSphere Connector

Sometimes a customer's environment is much slower than we planned for. We saw a scenario where disk moves and copies were taking several hours while still completing successfully. The vSphere connector was timing out much earlier, though. The ability to configure the timeouts is in 4.3 and all...

Veeam Backup & Replication plug-in missing in vSphere HTML5 Web Client after upgrade to VMware vSphere 6.7

Challenge After installing Veeam 9.5 Update 3a and simultaneous upgrade of vSphere from 6.5 to 6.7 Veeam vSphere Web Client Plugin might stop working for vSphere HTML5 Web Client. However it is still operational in vSphere Flash/Flex Web Client. The issue is only reproducible in case the plugin w...

VMSA-2018-0012 : VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue (Spectre)

vCenter Server, ESXi, Workstation, and Fusion update speculative execution control mechanism for Virtual Machines VMs. As a result, a patched Guest Operating System GOS can remediate the Speculative Store bypass issue CVE-2018-3639 using the Speculative-Store- Bypass-Disable SSBD control bit. Thi...

Release Notes for Veeam Backup & Replication 9.5 Update 3a

More Recent Version Available Please find the latest version of Veeam Backup & Replication here: Veeam Downloads - Latest Version Challenge Release Notes for Veeam Backup Replication 9.5 Update 3a Cause Please confirm that you are running version 9.5.0.580, 9.5.0.711, 9.5.0.802, 9.5.0.823,...

VMware vSphere 6.7 - Citrix Known Issues

Citrix is committed to ensuring compatibility with the latest VMware Hypervisor releases. VMware released vSphere 6.7 in April 2018. Note: This is a live article, and is updated as and when the new information becomes available. For Current Release, vSphere 6.7 is supported with Virtual Apps and...

VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue.

vCenter Server, ESXi, Workstation, and Fusion update speculative execution control mechanism for Virtual Machines VMs. As a result, a patched Guest Operating System GOS can remediate the Speculative Store bypass issue CVE-2018-3639 using the Speculative-Store-Bypass-Disable SSBD control bit. This...

VMSA-2018-0012:VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue.

VMSA-2018-0012.1 VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0012.1 VMware Security Advisory Severity: Moderate VMware Security Advisory...

CVE-2018-1276

Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials...

Information disclosure

Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials...

CVE-2018-1276

Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials...

CVE-2018-1276

The CVE-2018-1276 entry affects Cloud Foundry Windows 2012R2 stemcells prior to version 1200.17. The vulnerability enables an information exposure where a remote user able to push apps can craft commands to read the IaaS VM metadata, which may include BOSH credentials. Affected product/component:...

CVE-2018-1276

Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials...

CVE-2018-1276: Windows2012R2 stemcell exposes IaaS metadata on vSphere | Cloud Foundry

Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using Windows 2012R2 stemcells versions prior to 1200.17 Description Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user wi...

CVE-2018-1000153

A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java,...

CVE-2018-1000151

A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default...

Input validation

A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default...