Lucene search

K
vmwareVMwareVMSA-2014-0012
HistoryDec 04, 2014 - 12:00 a.m.

VMware vSphere product updates address security vulnerabilities

2014-12-0400:00:00
www.vmware.com
67

0.046 Low

EPSS

Percentile

91.7%

a. VMware vCSA cross-site scripting vulnerability
VMware vCenter Server Appliance (vCSA) contains a vulnerability that may allow for Cross Site Scripting. Exploitation of this vulnerability in vCenter Server requires tricking a user to click on a malicious link or to open a malicious web page.
VMware would like to thank Tanya Secker of Trustwave SpiderLabs for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-3797 to this issue.
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.