KLA10436
Multiple vulnerabilities in VMware vSphere Client
Updated: 06/01/2019
Detect date
?
04/10/2014
Severity
?
Critical
Description

Multiple critical vulnerabilities have been found in VMware vSphere. Malicious users can exploit these vulnerabilities to execute arbitrary code or bypass security. Below is a complete list of vulnerabilities

  1. An improper client file update validation can be exploited remotely;
  2. An improper X.509 certificates validation can be exploited remotely via SSL service spoofing;
Affected products

VMware vSphere Client 4 versions 4.0, 4.1
VMware vSphere Client 5 versions 5.0, 5.1

Solution

Update vSphere client to safe version. Use one of these links or go to VMware bulletin for instructions.
vCenter Server 5.1 update
vCenter Server 5.0 update

Original advisories

VMware bulletin

Impacts
?
ACE 
[?]

SB 
[?]
Related products
VMware vSphere Client
CVE-IDS
?
CVE-2014-12105.8High
CVE-2014-12099.3Critical