CVE-2016-7463

Cross-site scripting XSS vulnerability in the Host Client in VMware vSphere Hypervisor aka ESXi 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM...

CVE-2016-7456

Affected product/versions: VMware vSphere Data Protection appliances 5.5.x through 6.1.x. Vulnerability cause: SSH private key used by the local admin (sudoer) has a publicly known password, enabling key-based SSH access. Impact: Remote attacker could gain login access via SSH, potentially compro...

CVE-2016-7458

Summary of CVE-2016-7458 : VMware vSphere Client (versions 5.5 prior to U3e and 6.0 prior to U2a) contains an XML External Entity (XXE) vulnerability in which an XML document with an external entity declaration and an entity reference can cause information disclosure. The issue affects the vSpher...

CVE-2016-7463

The CVE-2016-7463 issue affects VMware ESXi (Host Client) on vSphere Hypervisor 5.5 and 6.0. The vulnerability is a stored cross-site scripting (XSS) flaw caused by improper validation of user-supplied input, exploitable by an authenticated, remote attacker who can import a specially crafted VM t...

vSphere Data Protection Detection

This script performs SSH based detection of vSphere Data Protection SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

VMware vSphere Data Protection (VDP) updates address SSH Key-Based authentication issue (VMSA-2016-0024, dpnid) - Active Check

VMware vSphere Data Protection VDP updates address SSH key-based authentication issue. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

VMware vSphere Data Protection (VDP) updates address SSH Key-Based authentication issue (VMSA-2016-0024, admin_key) - Active Check

VMware vSphere Data Protection VDP updates address SSH key-based authentication issue. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

VMware vSphere Data Protection Authentication Bypass Vulnerability

VMware vSphere Data Protection VDP is a disk-based backup and recovery solution from VMware. Integrated with VMware vCenter Server, the server and virtualization management software, the solution can be used to centrally manage backup jobs while storing backup files in deduplicated target storage...

VMSA-2016-0023 : VMware ESXi updates address a cross-site scripting issue

a. Host Client stored cross-site scripting issue The ESXi Host Client contains a vulnerability that may allow for stored cross-site scripting XSS. The issue can be introduced by an attacker that has permission to manage virtual machines through ESXi Host Client or by tricking the vSphere...

VMware ESXi updates address a cross-site scripting issue (VMSA-2016-003) - Remote Version Check

VMware ESXi updates address a critical glibc security vulnerability SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

vSphere Data Protection (VDP) update addresses SSH key-based authentication issue

VDP SSH key-based authentication issue VDP contains a private SSH key with a known password that is configured to allow key-based authentication. Exploitation of this issue may allow an unauthorized remote attacker to log into the appliance with root privileges. VMware would like to thank Marc...

VMware Releases Security Update

VMware has released a security update to address a vulnerability in vSphere Hypervisor ESXi. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2016-0023 and...

VMSA-2016-0023:VMware ESXi updates address a cross-site scripting issue

VMware Security Advisories VMSA-2016-0023 VMware ESXi updates address a cross-site scripting issue VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0023 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware ESXi updates address a cross-site...

VMSA-2016-0024:vSphere Data Protection (VDP) update addresses SSH key-based authentication issue

VMSA-2016-0024.1 vSphere Data Protection VDP updates address SSH Key-Based authentication issue VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0024.1 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: vSphere Data Protection VDP updates addres...

Release Notes for Veeam Management Pack 8.0 Update 3

Challenge Release Notes for Veeam Management Pack 8.0 Update 3 Cause Please confirm you are running Veeam Management Pack 8.0 prior to installing this update. You can check this in Operations Manager console under Administration | Management Packs, the build number should be 8.0.0.2218 or later. ...

VMware vSphere Client XXE Injection Information Disclosure (VMSA-2016-0022)

The version of vSphere Client installed on the remote Windows host is affected by an information disclosure vulnerability due to an incorrectly configured XML parser accepting XML external entities XXE from an untrusted source. An unauthenticated, remote attacker can exploit this issue to disclos...

VMware vSphere Client XML External Entity Information Disclosure Vulnerability

VMware vSphere is a virtualization platform for building cloud computing infrastructures from VMware that simplifies IT operations by separating applications and operating systems from the underlying hardware.VMware vSphere Client is a client software for VMware vSphere. An XML external entity...

PT-2021-2235 · Saltstack +4 · Saltstack Salt +6

Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.5 Description: The issue is related to errors in the certificate authentication procedure on vCenter, vSphere, and ESXi servers. This can allow a remote attacker to perform a "man-in-the-middle" attack. T...

VMSA-2016-0022:VMware product updates address information disclosure vulnerabilities

VMSA-2016-0022 VMware product updates address information disclosure vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0022 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware product updates address information disclosure...

CID Mismatch in VMware on Restore with Backup and Replication V9 installed on Server 2008R2

Challenge Upon restore using Veeam Backup and Replication V9X you receive a CID mismatch error when you are on vSphere 5.5 Update 3b Cause This is a known issue with restoring with the option to use VM tags is enabled in vSphere 5.5 Update 3b Solution Known workarounds: 1. Upgrade Backup and...