CVE-2014-4632

Affected products: VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1; also the EMC Avamar proxy client components (ADS/AVE) 6.x and 7.0.x. Root cause: SSL certificate validation is insufficient; VDP and Avamar proxy fail to properly verify X.509 certificates from vC...

KLA10452 Multiple vulnerabilities in VMware products

Multiple serious vulnerabilities have been found in VMware products. Malicious users can exploit these vulnerabilities to gain privileges or cause denial of service. Below is a complete list of vulnerabilities 1. Vectors related to file write can be exploited locally; 2. Improper input validation...

How to manually remove restore points from a VMware Replica

Purpose This article documents how to remove restore points from a Veeam Backup & Replication replica in a vSphere environment. The replica must be in a state where: the latest run was successful the job is not currently running failover is not currently active. Solution Remove old restore points...

NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2014-0012 Synopsis: VMware vSphere product updates address security vulnerabilities Issue date: 2014-12-04 Updated on: 2014-12-04...

VMware vSphere multiple security vulnerabilities

Crossite scripting, certificate validation issues, vulnerabilities in 3rd party packages...

VMSA-2014-0012 : VMware vSphere product updates address security vulnerabilities

a. VMware vCSA cross-site scripting vulnerability VMware vCenter Server Appliance vCSA contains a vulnerability that may allow for Cross Site Scripting. Exploitation of this vulnerability in vCenter Server requires tricking a user to click on a malicious link or to open a malicious web page. VMwa...

VMSA-2014-0012:VMware vSphere product updates address security vulnerabilities

VMSA-2014-0012.1 VMware vSphere product updates address security vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0012.1 VMware Security Advisory Synopsis: VMware vSphere product updates address security vulnerabilities VMware Security Advisory Issue date:...

VMware vSphere Replication Bash Environment Variable Command Injection Vulnerability (VMSA-2014-0010) (Shellshock)

The VMware vSphere Replication installed on the remote host is version 5.1.x prior to 5.1.2.2, 5.5.x prior to 5.5.1.3, 5.6.x prior to 5.6.0.2, or 5.8.x prior to 5.8.0.1. It is, therefore, affected by a command injection vulnerability in GNU Bash known as Shellshock, which is due to the processing...

Veeam doesn't clean up temporary datastore in vSphere after restore from NetApp storage snapshot

Challenge After completing one of the restore options available for NetApp storage snapshot, you may notice that the temporary datastore under the name "snap--" is still mounted on the ESXi hosts with inactive status. See the screenshot below for an example: After a manual rescan of the storage...

VMSA-2014-0011:VMware vSphere Data Protection product update addresses a CRITICAL information disclosure vulnerability.

VMSA-2014-0011 VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0011 VMware Security Advisory Synopsis: VMware vSphere Data Protection product update addresses a critic...

VMware vSphere Replication Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)

The VMware vSphere Replication installed on the remote host is version 5.5.x prior to 5.5.1.1, or else it is version 5.6.x. It is, therefore, affected by the following OpenSSL related vulnerabilities : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into oth...

VMware ESXi product updates to third party libraries (VMSA-2014-0008)

VMware has updated vSphere third party libraries. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

VMSA-2014-0008 : VMware vSphere product updates to third-party libraries

a. vCenter Server Apache Struts Update The Apache Struts library is updated to address a security issue. This issue may lead to remote code execution after authentication. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the identifier CVE-2014-0114 to this issue. b...

VMware vSphere product updates to third party libraries

a. vCenter Server Apache Struts Update The Apache Struts library is updated to address a security issue.This issue may lead to remote code execution after authentication.The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the identifier CVE-2014-0114 to this issue.Column 4...

VMSA-2014-0008:VMware vSphere product updates to third party libraries

VMSA-2014-0008.2 VMware vSphere product updates to third party libraries VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0008.2 VMware Security Advisory Synopsis: VMware vSphere product updates to third party libraries VMware Security Advisory Issue date: 2014-09-09 VMwar...

Monitoring of vSphere 4.x fails with Veeam MP v7

Challenge Though everything is configured correctly and you have successfully added vCenter 4.x or standalone ESX 4.x to Veeam Extensions as a Monitoring target, no data is shown in SCOM and you can see "Veeam VMware Collector: VMware connection is unavailable" alerts . Additionally, the followin...

Storage vMotion of Instant Recovery fails with “The method is disabled by ‘’”

Challenge When attempting to migrate an Instant Recovery VM to a production datastore using VMware Storage vMotion, the following error occurs: The method is disabled by 'vm-' Call 'VirtualMachine.Relocate' for object 'vmname' on vCenter Server 'vCenterName' failed. Solution To correct this issue...

Using the vSphere MOB (Managed Object Browser) to Troubleshoot Snapshot Creation

Purpose This article documents the procedure for manually creating a vSphere VM snapshot using the Managed Object Browser MOB. Solution Start by identifying the Managed Object Reference-ID MORef-ID of the VM for which the snapshot will be created. If the VM is being protected by Veeam Backup &...

VMware vSphere Client Multiple Vulnerabilities (VMSA-2014-0006)

The version of vSphere Client installed on the remote Windows host is is affected by the following vulnerabilities in the OpenSSL library : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issu...

"Virtual machine has ‘X’ megabytes of memory which is larger than the maximum ‘X’ megabytes supported by the datastore.”

Challenge Error "Virtual-machine-has-X-megabytes-of-memory-which-is-larger-than-the-maximum-X-megabytes-supported-by-the-datastore" can occur with Other OS FLR, Instant Recovery, or SureBackup. Cause Assuming the VeeamBackup datastore is present and not being used the first troubleshooting step f...