Input validation

A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default...

Authorization

An improper authorization vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java,...

Cross site request forgery (csrf)

A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java,...

CVE-2018-1000152

An improper authorization vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java,...

CVE-2018-1000151

A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default...

CVE-2018-1000153

A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java,...

CVE-2018-1000152

An improper authorization vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java,...

CVE-2018-1000153

A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java,...

CVE-2018-1000153

CVE-2018-1000153 is a cross-site request forgery vulnerability in Jenkins vSphere Plugin

CVE-2018-1000151

A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default...

CVE-2018-1000151

The CVE-2018-1000151 entry concerns Jenkins vSphere Plugin (versions 2.16 and older) where VSphere.java disables SSL/TLS certificate validation by default, creating a man‑in‑the‑middle risk. Connected documents corroborate the issue across multiple advisories (Red Hat, SUSE, GitHub GHSA, OSV, NVD...

CVE-2018-1000152

CVE-2018-1000152 affects Jenkins with the vSphere Plugin (2.16 and older). The vulnerability is an improper authorization issue in multiple vSphere-related UI actions (form validation) that can cause the plugin to send numerous requests to a configured vSphere server, potentially leading to denia...

The vulnerability of the vSphere Integrated Containers software platform and the vRealize Automation automation tool lies in the ability to execute arbitrary code due to a memory corruption issue. This vulnerability allows an attacker to execute arbitrary code.

The vulnerability of the vSphere Integrated Containers software platform and the vRealize Automation automation tool exists due to the restoration of a questionable data structure in memory. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code by sending...

How to generate a complete crash dump file or a kernel crash dump file in vSphere by using an NMI from the ESX host

When you have a computer that is frozen but not crashing, you might need to have an analysis done on a DMP file produced while the machine is in its hung state. You may want to use the CTRL+SCROLL LOCK+SCROLL LOCK keyboard shortcut to generate a crash dump file. This shortcut may be useful in...

Release Notes for Veeam Management Pack 8.0 Update 5

Challenge Release Notes for Veeam Management Pack 8.0 Update 5 Cause Please confirm you are running Veeam Management Pack 8.0 prior to installing this update. You can check this in Operations Manager console under Administration | Management Packs, the build number should be 8.0.0.2218 or later. ...

Veeam Backup & Replication support for vSphere

Purpose This article provides information about compatibility between vSphere and Veeam Backup & Replication. Solution The vSphere versions listed in this article include all applicable patches for those versions. vCenter Server versions and build numbers Build numbers and versions of VMware...

CVE-2017-4947

VMware vRealize Automation 7.3 and 7.2 and vSphere Integrated Containers 1.x before 1.3 contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance...

Deserialization of untrusted data

VMware vRealize Automation 7.3 and 7.2 and vSphere Integrated Containers 1.x before 1.3 contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance...

CVE-2017-4947

VMware vRealize Automation 7.3 and 7.2 and vSphere Integrated Containers 1.x before 1.3 contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance...

CVE-2017-4947

CVE-2017-4947 describes a deserialization vulnerability via Xenon in VMware vRealize Automation (vRA) 7.2/7.3 and VIC 1.x before 1.3, allowing remote code execution on the appliance. Connected documents confirm the affected products/versions and cite mitigation via patches: vRA 7.2/7.3 require up...