KLA11142
DoS and OSI vulnerabilities in VMware products
Updated: 05/22/2020
Detect date
?
11/09/2017
Severity
?
Warning
Description

Multiple serious vulnerabilities have been found in VMware vCenter Server and vSphere Web Client. Malicious users can exploit these vulnerabilities to cause denial of service or disclose sensetive information.

Below is a complete list of vulnerabilities:

  1. An unspecified vulnerability in VMware vCenter Server can be exploited remotely via specially crafted LDAP network packet to cause denial of service;
  2. SSRF and CRLF injection issues in vSphere Web Client i.e. not the new HTML5-based vSphere Client can be exploited remotely to disclose sensetive information.
Affected products

VMware vCenter Server 6.5 without 6.5 U1 patch
VMware vCenter Server 6.0 without 6.0 U3c patch

vCenter Server 5.5 without 5.5 U3f patch
Solution

Update to latest versions
Download VMware vCenter Server

Original advisories

VMSA-2017-0017

Impacts
?
OSI 
[?]

DoS 
[?]
Related products
VMware vSphere Client
VMware vCenter Server
CVE-IDS
?
CVE-2017-49285.0Critical
CVE-2017-49275.0Critical