Computer Security
[EN] securityvulns.ru no-pyccku


VMware vSphere multiple security vulnerabilities
Published:11.12.2014
Source:
SecurityVulns ID:14147
Type:remote
Threat Level:
5/10
Description:Crossite scripting, certificate validation issues, vulnerabilities in 3rd party packages.
CVE:CVE-2014-8371 (VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate.)
 CVE-2014-3797 (Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original documentdocumentVMWARE, NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (11.12.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod