Lucene search

K
vmwareVMwareVMSA-2014-0012.1
HistoryDec 04, 2014 - 12:00 a.m.

VMware vSphere product updates address security vulnerabilities

2014-12-0400:00:00
www.vmware.com
15

EPSS

0.046

Percentile

92.6%

a. VMware vCSA cross-site scripting vulnerabilityVMware vCenter Server Appliance (vCSA) contains a vulnerability that may allow for Cross Site Scripting. Exploitation of this vulnerability in vCenter Server requires tricking a user to click on a malicious link or to open a malicious web page. VMware would like to thank Tanya Secker of Trustwave SpiderLabs for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-3797 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.