VMwareVMSA-2017-0019NSX for vSphere update addresses NSX Edge Cross-Site Scripting (XSS) issue.
0.001 Low
EPSS
Percentile
42.8%
a. NSX Edge Cross-Site Scripting (XSS) issue.
NSX Edge contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure.
VMware would like to thank Jarad Kopf of Deltek and Issam Rabhi for independently reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4929 to this issue.
Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4929
kb.vmware.com/kb/2078735
lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
www.vmware.com/security/advisories
blogs.vmware.com/security
docs.vmware.com/en/VMware-NSX-for-vSphere/index.html
kb.vmware.com/kb/1055
my.vmware.com/web/vmware/details?productId=417&downloadGroup=NSXV_629B
my.vmware.com/web/vmware/details?productId=417&downloadGroup=NSXV_635
twitter.com/VMwareSRC
www.vmware.com/support/policies/lifecycle.html
www.vmware.com/support/policies/security_response.html
Related
